
Open Source Software from Stamus Networks

Developed by Stamus Networks, SELKS is a turnkey Suricata-based intrusion detection, intrusion prevention, and network security monitoring (IDS/IPS/NSM) system with its own graphical rule manager and basic threat hunting capabilities. SELKS is a Debian-based live distribution built from 5 key open source components that comprise its name – Suricata, Elasticsearch, Logstash, Kibana and Stamus Scirius Community Edition (Suricata Management and Suricata Hunting). In addition, it includes components from Arkime (formerly Moloch) and Evebox, which were added after the acronym was established.

SELKS with Scirius Community Edition

NEW with SELKS 6

  • New threat hunting interface. Improved GUI with drill-down and click-based filters built on Suricata alert data.
  • New dashboard views. Twenty-six (26) new or upgraded Kibana dashboards and hundreds of visualizations that correlate alert events to NSM data and vice versa. Examples of the new dashboards include updates to the application layer anomalies, alerts, TLS and JA3/JA3S views.
  • Updated versions of each component. These include the ELK stack (7.7.0), Suricata (6.0.0-dev), Debian (Buster), EveBox (1:0.11.1), Moloch/Arkime (2.2.3), and Scirius Community Edition (3.5.0).

Are you wondering if there is any value in upgrading to the Stamus ND or Stamus NDR, the commercial product offerings from Stamus Networks? Check out the platform pages on our website or download the white paper described below to learn more.


This white paper explores the differences between SELKS and Stamus NDR (formerly Scirius Security Platform) from seven major dimensions:

      • Enterprise scale and integration
      • Organization-specific context
      • Threat detection and hunting
      • Network traffic analysis
      • Event noise reduction
      • Total cost of ownership
      • Enterprise support

See the table below for a summary of the differences between SELKS and the Stamus Networks commercial offerings.

Feature (partial list) | SELKS | Stamus ND | Stamus NDR
IDS administration for one probe | X | X | X
IDS ruleset management for one ruleset | X | X | X
Basic threat hunting on IDS events | X | X | X
Real-time network traffic analysis | X | X | X
IDS administration for multiple probes | - | X | X
IDS ruleset management for multiple rulesets | - | X | X
Multiple Stamus Networks probes and/or Suricata sensors | - | X | X
Automated health and wellness monitoring | - | X | X
Automated application and OS updates | - | X | X
Unified network threat hunting tool | - | X | X
Guided hunting that drives detection | - | X | X
Real-time correlation of IDS events, network traffic analysis and organizational data | - | X | X
Automated event classification and advanced tagging | - | X | X
Network definitions providing enhanced detection of lateral threat proliferation | - | X | X
Enriched data provides context and increases network visibility | - | X | X
Unique metadata for perspective and investigation | - | X | X
Metadata integration with SIEM, SOAR, and data lakes | - | X | X
Highest probability indicators mapped into the cyber kill chain | - | - | X
Unified threat detection results drive insightful threat detection algorithms from Stamus Networks | - | - | X
User-defined algorithms detect high probability threats specific to your environment | - | - | X
Host insight feature details network services, user agents, host name and logged-in users | - | - | X
Prioritizes high probability events to direct investigations | - | - | X
Stamus Networks proprietary threat intelligence bundle (updated daily) | - | - | X