Our Blog

Stamus Networks is proud to announce the release 0.3 of Scirius, our web interface for Suricata ruleset management.

The interface has been redesigned for more compacity and clarity:
Screenshot from 2014-05-19 11:21:00

Two major features have been added:

  • Support of local rules: User can now upload rules contained in an archive
  • Fast suppression of rules: two clicks are enough to suppress one rule

It is now also possible to select the time period selection on rules activity:

Screenshot from 2014-05-19 11:28:07

 

Please note, the rules with sid 220029 on the screenshot. It is displayed strikethrough because it has been suppressed from the ruleset.

Here’s a screencast showing how easy it is to suppress a noisy rule from a ruleset:

With all these new features, we think that Scirius can now be efficiently used to administrate a Suricata ruleset.

Stamus Networks is happy to release Scirius as Open Source Software under GPLv3. You can download it from GitHub : scirius-0.3.tar.gz.

 

 

Stamus Networks is proud to announce the first release of Scirius, its Suricata ruleset web management interface.

Scirius is a web management interface developed by Stamus Networks and released under the GPLv3 license. The interface is aiming simplicity and efficiency and that’s why we have adopted a simple design:

Screenshot from 2014-05-03 11:25:06

It is possible to link Scirius with a running Elasticsearch fed by Suricata EVE JSON log. Once done, information stored in the Elasticsearch can be used to get an idea of the activity of the Suricata. The following screenshot is an example of statistics fetched from Elasticsearch and displayed in Scirius:

Rules activity

Scirius is currently in alpha stage but it is already possible to manage efficiently a Suricata ruleset using ETOpen or ETPro ruleset. For example, the following video is demonstrating how it is possible to remove a selected subset of signatures from the ruleset:

Scirius is available on Github. Following releases of Scirius will feature among other things the support for local signatures (uploaded by the user) and some missing operations such as quick removal of individual signature.

I’ve given a talk entitled “Suricata 2.0, Netfilter and the PRC” at the Hackito Ergo Sum conference.

The talk is presenting Suricata and the new features available in version 2.0, focusing on the new EVE output and how it can be used with Elasticsearch, Logstash and Kibana. I’ve also shown how ulogd, the Netfilter logging daemon can be used with Elasticsearch thanks to the new JSON output plugin. Finally, I’ve explained how I’ve discovered a attack schema which is originating from systems running in the People Republic of China.

You can get the slides here: Suricata 2.0, Netfilter and the PRC

This is the first blog post on Stamus Networks technical blog. You will find here posts focused on Intrusion Detection System and Network Security Monitoring as well as information specific to Suricata or our products.