Download the latest version of SELKS
Developed by Stamus Networks, SELKS is a turnkey Suricata-based IDS/IPS/NSM ecosystem with its own graphic rule manager and basic threat hunting capabilities. SELKS is a Debian-based live distribution built from 5 key open source components that comprise its name – Suricata, Elasticsearch, Logstash, Kibana and Stamus Scirius Community Edition (Suricata Management and Suricata Hunting). In addition, it includes components from Moloch and Evebox, which were added after the acronym was established.
SELKS gives you a Suricata intrusion detection and prevention system within an NSM platform, Kibana to analyze alerts and events, and EveBox to correlate flows, archive and comment on events, produce reports and download pcaps. Your user interface is the Scirius Community Edition, which allows you to configure and manage the Suricata ruleset and perform basic threat hunting.
SELKS is released under the GPLv3 license.
To access the source files, README documentation, issue tracker and wiki, please visit our page on GitHub. To ask questions or ask for help, you may join our open source mailing list.
You may build your own SELKS ISO or simply download one of the ready-to-use ISOs below.
The ready-to-use SELKS ISOs are available in two editions: one with a desktop interface and one without.
Feature (partial list) | SELKS | Scirius Probe Management | Scirius Enriched Hunting | Scirius Threat Radar
---|---|---|---|---
IDS administration for one probe | X | X | X | X
IDS ruleset management for one ruleset | X | X | X | X
Basic threat hunting on IDS events | X | X | X |
Real-time network traffic analysis | X | X | X | X
IDS administration for multiple probes | X | X | X |
IDS ruleset management for multiple rulesets | X | X | X |
Multiple Stamus Networks probes and/or Suricata sensors | X | X | X |
Automated health and wellness monitoring | X | X | X |
Automated application and OS updates | X | X | X |
Unified network threat hunting tool | X | X | |
Guided hunting that drives detection | X | X | |
Real-time correlation of IDS events, network traffic analysis and organizational data | X | X | |
Automated event classification and advanced tagging | X | X | |
Network definitions providing enhanced detection of lateral threat proliferation | X | X | |
Enriched data provides context and increases network visibility | X | X | |
Unique metadata for perspective and investigation | X | X | |
Metadata integration with SIEM, SOAR, and data lakes | X | X | |
Highest probability indicators mapped into the cyber kill chain | X | | |
Unified threat detection results drive insightful threat detection algorithms from Stamus Networks | X | | |
User-defined algorithms detect high probability threats specific to your environment | X | | |
Host fingerprinting details network services, user agents, host name and logged-in users | X | | |
Prioritizes high probability events to direct investigations | X | | |
Proofpoint ETPro Ruleset bundle | X | | |
ABOUT STAMUS NETWORKS
Stamus Networks believes cybersecurity professionals should spend less time poring through noisy alerts and more time mitigating risks by responding to real threats targeting their organization’s critical assets. Founded by the creators of the widely deployed open-source SELKS platform, Stamus Networks offers the Scirius Security Platform, which collects event data from enhanced Suricata detection (IDS), real-time network traffic analysis (NTA) and organizational context into an advanced analytics engine to deliver a powerful network detection and response (NDR) solution.
© 2020 Stamus Networks, LLC. All rights Reserved.