Stamus Networks believes in the innovative power and flexibility that Open Source Software possesses. It also offers independence and great adaptability, both critical when building security products you can trust. But taking from the community is not enough if you want more common good to emerge. This is why Stamus Networks does its best to contribute back to the Open Source idea. The main part of our contribution back to Open Source is our two projects: SELKS, a live and installable ISO implementing a ready-to-use Suricata IDS/IPS, and Scirius, a web interface dedicated to Suricata ruleset management.
SELKS is both a live and installable Network Security Management ISO based on Debian, implementing and focusing on a complete and ready-to-use Suricata IDS/IPS ecosystem with its own graphic rule manager. From start to analysis of IDS/IPS and NSM events in 30 sec. The name comes from its major components:
After starting or installing SELKS, you get a running Suricata intrusion detection and prevention system within an NSM platform, Kibana to analyze alerts and events, and EveBox to correlate flows, archive and comment on events, and provide reporting and pcap download. There is also Scirius to configure and manage the Suricata ruleset.
SELKS is released under the GPLv3 license. Sources, README, issue tracker and wiki are hosted on GitHub. To ask any questions or get help, you can use our mailing list. You can thus build your own SELKS ISO or just download the ready-to-use ISOs below. SELKS exists in two flavors: with and without a desktop interface.
Scirius is a web interface dedicated to Suricata ruleset management. It manages the rule files and categories. Sources for the ruleset can be local (uploaded files) or remote (an archive accessible via HTTP or HTTPS, like the Emerging Threats Open/PRO ruleset).
Scirius is an application written in Django.