
Stamus Networks Open Source - SELKS

Developed by Stamus Networks, SELKS is a turnkey Suricata-based IDS/IPS/NSM ecosystem with its own graphical rule manager and basic threat hunting capabilities. SELKS is a Debian-based live distribution built from five key open source components whose initials form its name – Suricata, Elasticsearch, Logstash, Kibana and Stamus Scirius Community Edition (Suricata management and Suricata hunting). In addition, it includes components from Moloch and EveBox, which were added after the acronym was established.

SELKS with Scirius Community Edition

NEW with SELKS 6

  • New threat hunting interface. An improved GUI with drill-down and click-based filters built on Suricata alert data.
  • New dashboard views. Twenty-six (26) new or upgraded Kibana dashboards and hundreds of visualizations that correlate alert events to NSM data and vice versa. Examples of the new dashboards include updated application layer anomaly, alert, TLS and JA3/JA3S views.
  • Updated versions of each component. These include the ELK stack (7.7.0), Suricata (6.0.0-dev), Debian (Buster), EveBox (1:0.11.1), Moloch (2.2.3) and Scirius Community Edition (3.5.0).
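The dashboards above correlate Suricata alert events with NSM records (TLS, flow) in both directions. The example below is added here to show what that pivot looks like on raw EVE JSON; it is not code from SELKS or Scirius. It assumes Suricata's EVE output format (one JSON object per line, a shared flow_id across the alert, tls and flow records of one connection, and the tls.ja3.hash / tls.ja3s.hash fields), and the sample lines are constructed for illustration rather than captured traffic.

```python
"""Pivot Suricata EVE alerts to NSM context (and back) by flow_id."""
import json
from collections import defaultdict

# Constructed sample EVE lines (not real traffic). Field names follow
# Suricata's EVE JSON output; addresses, hashes and signature ids are made up.
SAMPLE_EVE = """\
{"timestamp":"2020-06-01T10:00:00.000000+0000","flow_id":1001,"event_type":"tls","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","tls":{"sni":"example.test","ja3":{"hash":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"},"ja3s":{"hash":"bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"}}}
{"timestamp":"2020-06-01T10:00:00.100000+0000","flow_id":1001,"event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"signature_id":2000001,"signature":"TEST Suspicious TLS client","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2020-06-01T10:00:01.000000+0000","flow_id":1002,"event_type":"tls","src_ip":"10.0.0.6","src_port":51235,"dest_ip":"203.0.113.11","dest_port":443,"proto":"TCP","tls":{"sni":"other.test","ja3":{"hash":"cccccccccccccccccccccccccccccccc"},"ja3s":{"hash":"dddddddddddddddddddddddddddddddd"}}}
{"timestamp":"2020-06-01T10:00:02.000000+0000","flow_id":1003,"event_type":"alert","src_ip":"10.0.0.7","src_port":51236,"dest_ip":"203.0.113.12","dest_port":80,"proto":"TCP","alert":{"signature_id":2000002,"signature":"TEST Plain HTTP beacon","category":"Potentially Bad Traffic","severity":3}}
{"timestamp":"2020-06-01T10:00:03.000000+0000","flow_id":1001,"event_type":"flow","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":12,"pkts_toclient":10,"bytes_toserver":1500,"bytes_toclient":9000}}
"""


def parse_eve(text):
    """Parse newline-delimited EVE JSON; skip blank or truncated lines instead of aborting."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a half-written line at the end of a live log is normal
    return events


def index_by_flow(events):
    """Group all record types by Suricata's flow_id so one connection's records sit together."""
    by_flow = defaultdict(list)
    for ev in events:
        fid = ev.get("flow_id")
        if fid is not None:
            by_flow[fid].append(ev)
    return by_flow


def alerts_with_context(events):
    """Alert -> NSM pivot: attach the TLS and flow records that share each alert's flow_id."""
    by_flow = index_by_flow(events)
    enriched = []
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        ctx = {
            "flow_id": ev.get("flow_id"),
            "signature_id": ev["alert"]["signature_id"],
            "signature": ev["alert"]["signature"],
            "tls": None,   # stays None when the alert fired on a non-TLS flow
            "flow": None,  # stays None until Suricata emits the flow record at flow end
        }
        for other in by_flow.get(ev.get("flow_id"), []):
            if other.get("event_type") == "tls":
                tls = other["tls"]
                ctx["tls"] = {
                    "sni": tls.get("sni"),
                    "ja3": tls.get("ja3", {}).get("hash"),
                    "ja3s": tls.get("ja3s", {}).get("hash"),
                }
            elif other.get("event_type") == "flow":
                ctx["flow"] = other["flow"]
        enriched.append(ctx)
    return enriched


def flows_by_ja3(events, ja3_hash):
    """NSM -> alert pivot: every flow presenting a JA3 hash, with the alert sids seen on it."""
    hits = []
    for fid, evs in index_by_flow(events).items():
        tls = [e for e in evs
               if e.get("event_type") == "tls"
               and e["tls"].get("ja3", {}).get("hash") == ja3_hash]
        if not tls:
            continue
        sids = [e["alert"]["signature_id"] for e in evs if e.get("event_type") == "alert"]
        hits.append({"flow_id": fid, "sni": tls[0]["tls"].get("sni"), "alert_sids": sids})
    return hits


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    for row in alerts_with_context(evs):
        print(row)
    print(flows_by_ja3(evs, "a" * 32))
```

The second function is the "vice versa" direction: starting from a JA3 hash seen in a TLS dashboard, it lists the flows that used it and whether any of them also carry an alert, which is the question a hunter asks before writing a rule for that fingerprint.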

Are you wondering whether there is any value in upgrading to the Scirius Security Platform, the commercial product offering from Stamus Networks? Check out the Scirius Security Platform pages on our website or download the white paper described below to learn more.


This white paper explores the differences between SELKS and Scirius Security Platform from seven major dimensions:

      • Enterprise scale and integration
      • Organization-specific context
      • Threat detection and hunting
      • Network traffic analysis
      • Event noise reduction
      • Total cost of ownership
      • Enterprise support

See the table below for a summary of the differences between SELKS and the Stamus Networks commercial offerings.

Columns: SELKS | PM = Scirius Probe Management | EH = Scirius Enriched Hunting | TR = Scirius Threat Radar (X = included, - = not included)

SELKS  PM  EH  TR   Feature (partial list)
  X    X   X   X    IDS administration for one probe
  X    X   X   X    IDS ruleset management for one ruleset
  X    -   X   X    Basic threat hunting on IDS events
  X    X   X   X    Real-time network traffic analysis
  -    X   X   X    IDS administration for multiple probes
  -    X   X   X    IDS ruleset management for multiple rulesets
  -    X   X   X    Multiple Stamus Networks probes and/or Suricata sensors
  -    X   X   X    Automated health and wellness monitoring
  -    X   X   X    Automated application and OS updates
  -    -   X   X    Unified network threat hunting tool
  -    -   X   X    Guided hunting that drives detection
  -    -   X   X    Real-time correlation of IDS events, network traffic analysis and organizational data
  -    -   X   X    Automated event classification and advanced tagging
  -    -   X   X    Network definitions providing enhanced detection of lateral threat proliferation
  -    -   X   X    Enriched data that provides context and increases network visibility
  -    -   X   X    Unique metadata for perspective and investigation
  -    -   X   X    Metadata integration with SIEM, SOAR and data lakes
  -    -   -   X    Highest-probability indicators mapped onto the cyber kill chain
  -    -   -   X    Unified threat detection results drive insightful threat detection algorithms from Stamus Networks
  -    -   -   X    User-defined algorithms detect high-probability threats specific to your environment
  -    -   -   X    Host fingerprinting that details network services, user agents, hostname and logged-in users
  -    -   -   X    Prioritizes high-probability events to direct investigations
  -    -   -   X    Proofpoint ET Pro ruleset bundle