Cyber Security: SELKS: Difference between revisions

SELKS is a free, open-source, and turn-key Suricata network intrusion detection/protection system (IDS/IPS), network security monitoring (NSM) and threat hunting implementation created and maintained by Stamus Networks.

Released under GPL 3.0-or-later license, the live distribution is available as either a live and installable Debian-based ISO or via Docker compose on any Linux operating system.

SELKS is comprised of the following major components:

• Suricata - Ready to use Suricata
• Elasticsearch - Search engine
• Logstash - Log injection
• Kibana - Custom dashboards and event exploration
• Stamus Community Edition (CE) - Suricata ruleset management and Suricata threat hunting interface

In addition, SELKS now includes Arkime, EveBox and CyberChef.

Stamus CE is the Stamus Networks open-source application that brings all these components together. Stamus CE provides the web interface for the entire system, giving you the ability to:

• Manage multiple Suricata rulesets and threat intelligence sources
• Upload and manage custom Suricata rules and IoC data files
• Hunt for threats using predefined filters and enhanced contextual views
• Apply thresholding and suppression to limit verbosity of noisy alerts
• View Suricata performance statistics and information about Suricata rule activity
• Apply Kibana, EveBox, and Cyberchef to the Suricata NSM and alert data

• Cyber Security: SELKS Install ISO