SELKS

SELKS is a free and open source Debian (with LXDE X-window manager) based IDS/IPS platform released under GPLv3 from Stamus Networks.

It is comprised of the following major components:

• S – Suricata IDPS – http://suricata-ids.org/
• E – Elasticsearch – https://www.elastic.co/products/elasticsearch
• L – Logstash – https://www.elastic.co/products/logstash
• K – Kibana – https://www.elastic.co/products/kibana
• S – Scirius – https://github.com/StamusNetworks/scirius
• EveBox – https://evebox.org/

And it includes preconfigured dashboards like this one:

After starting or installing SELKS, you get a running Suricata intrusion and detection prevention system within an NSM platform, Kibana to analyze alerts and events, EveBox to correlate flows, archive/comment on events, reporting and pcap download. There is also Scirius to configure and manage the Suricata ruleset.

It has 13 default IDS dashboards –

• SN ALL
• SN ALERTS
• SN DNS
• SN FILE-Transactions
• SN FLOW
• SN HTTP
• SN IDS
• SN OVERVIEW
• SN SMTP
• SN SSH
• SN STATS
• SN TLS
• SN VLAN

Changelog v5 RC1

• Elasticsearch 6.5.3
• Logstash 6.5.3
• Kibana 6.5.3
• Moloch 1.6.2  –  The new SELKS makes use of Moloch and Moloch viewer to parse and view the full packet capture done by Suricata. Moloch comes with an arsenal of tools and features on its own like:
  • CyberChef
  • Extremely flexible and easy to use interface for FPC drill down, filtering,search and pcap export
• Scirius 3.1.0 CE
  • • Administration, ruleset and threat hunting management
    • Blazing fast drill down and search capability through millions of events with milliseconds response time
    • Easy filter and grouping of alerts
    • Any field and action is selectable and searchable
    • Select or negate filter
    • Order and set up your own threat hunting dashboard in seconds with drag and drop functionality
  

  Scirus Alerting rules event details

• Suricata  – always latest git edition and features available.
• SELKS scripts upgrade
  • available now system-wide in “/usr/bin”
  • Full packet Capture retention policy – thanks Joren0494
• Thank you for all the major community contributors form the community
• Debian – always thankful!
• EveBox – always the latest and very thankful for your support and extremely fast bug fixing and feature addition

Download && Tutorial