SELKS is a free, open-source, and turn-key Suricata network intrusion detection/protection system (IDS/IPS), network security monitoring (NSM) and threat hunting implementation created and maintained by Stamus Networks.
Released under GPLv3 license, the live distribution is available as either a live and installable Debian-based ISO or via Docker compose on any Linux operating system.
Read the press release detailing the about the latest version of SELKS - SELKS 7 >>
SELKS is comprised of the following major components:
In addition, SELKS now includes Arkime, EveBox and CyberChef.
Scirius CE is the Stamus Networks open-source application that brings all these components together. Scirius provides the web interface for the entire system, giving you the ability to:
For many small-to-medium sized organizations, SELKS can be a suitable production-grade network security monitoring (NSM) and intrusion detection (IDS) solution.
And because all the data available in SELKS is generated by the Suricata engine, SELKS is widely used by network security practitioners, educators, and hobbyists to explore what is possible with Suricata IDS/IPS/NSM and the network protocol monitoring logs and alerts it produces.
For enterprise scale applications, please review our commercial solution, Stamus Security Platform (SSP), described below.
While SELKS is a great system to test out the power of Suricata for intrusion detection and threat hunting, it was never designed to be deployed in an enterprise setting. For enterprise applications, please review our commercial solution, Stamus Security Platform.
To learn more about the differences between SELKS and our commercial solutions, download the white paper, Understanding SELKS and Stamus Commercial Platforms.
Stamus Security Platform (SSP) is the commercial network-based threat detection and response solution from Stamus Networks. While it retains much of the same look and feel as SELKS, SSP is a completely different system and requires a new software installation.
Available in two license tiers, SSP delivers:
Broad-Spectrum Threat Detection
Guided Threat Hunting and Incident Investigation
Enterprise Scale Management and Integration
See the table below for a summary comparison between SELKS and the Stamus Networks commercial offerings.
|Feature (partial list)||SELKS||Stamus Security Platform (Stamus ND)||Stamus Security Platform (Stamus NDR)|
|IDS administration for one probe||X||X||X|
|IDS ruleset management for one ruleset||X||X||X|
|Basic threat hunting on IDS events||X||X||X|
|Real-time network traffic analysis||X||X||X|
|IDS administration for multiple probes||X||X|
|IDS ruleset management for multiple rulesets||X||X|
|Multiple Stamus Networks probes and/or Suricata sensors||X||X|
|Automated health and wellness monitoring||X||X|
|Automated application and OS updates||X||X|
|Unified network threat hunting tool||X||X|
|Guided hunting that drives detection||X||X|
|Real-time correlation of IDS events, network traffic analysis and organizational data||X||X|
|Automated event classification and advanced tagging||X||X|
|Network definitions - allows the user to label certain networks or IPs with organizationally-relevant names which SSP uses to enrich event data||X||X|
|Enriched data provides context and increase network visibility||X||X|
|Unique metadata for perspective and investigation||X||X|
|Metadata integration with SIEM, SOAR, and data lakes||X||X|
|Declarations of Compromise - high confidence events mapped into the cyber kill chain||X|
|Webhooks integration of Declarations of Compromise into SOAR, XDR, EDR or channel-based messaging app||X|
|Protocol transaction-based (non-signature) advanced threat detection||X|
|Sightings - events generated when a host accesses a new destination (domain or IP) for the first time||X|
|Beacon detection using machine learning||X|
|User-defined algorithms to trigger Declarations of Compromise specific to your environment||X|
|Host Insights - details network services, user agents, host name, logged-in users and all activity associated with every host||X|
|Stamus Networks proprietary threat intelligence feed (updated daily)||X|
ABOUT STAMUS NETWORKS
Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As organizations face threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful. A global provider of high-performance network-based threat detection and response systems, Stamus Networks helps enterprise security teams know more, respond sooner and mitigate their risk with insights gathered from cloud and on-premise network activity. Our solutions are advanced network detection and response systems that expose serious and imminent threats to critical assets and empower rapid response.
© 2014-2022 Stamus Networks, LLC. All rights Reserved.