Network based systems

Stamus Networks SELKS 7 offers enhanced threat hunting capabilities


Stamus Networks has released SELKS 7, a major upgrade of its turnkey system based on Suricata intrusion detection/prevention (IDS/IPS) and network security monitoring (NSM), with an integrated network threat hunting console and a graphical ruleset/threat intelligence feed manager.

SELKS is now available as a portable Docker Compose package or as turnkey installation images (ISO files). Each option includes the five open source components that make up its name: Suricata, Elasticsearch, Logstash, Kibana, and Scirius Community Edition (Suricata management and Suricata hunting from Stamus Networks). SELKS also includes components from Arkime, EveBox, and CyberChef, which were added after the acronym was created.

“We are excited to make SELKS 7 officially available and in a package that enables rapid deployment on any Linux or Windows operating system in a virtual or cloud environment,” said Peter Manev, co-founder and director of strategy at Stamus Networks. “The improved threat hunting interface and incident response dashboards, along with the new Docker package, make SELKS even more accessible to people who want to explore the power of Suricata without investing in a commercial solution.”

First introduced in 2014, SELKS is the open source system from Stamus Labs, the open source and threat intelligence division of Stamus Networks, and the SELKS 7 release is its latest incarnation. This version includes several improvements over its predecessors, including:

  • Docker package. In addition to the pre-packaged Debian Linux-based ISO images, SELKS is now available as a Docker Compose package that allows SELKS to be installed on virtually any Linux or Windows system without a heavy installation process. The Docker-based architecture also makes it faster and easier to deploy a new SELKS machine with specific versions of each component.
  • Fully automated PCAP replay. Allows SELKS to ingest and replay a PCAP file directly, enabling rapid detailed analysis in training or education applications.
  • Improved threat hunting filter sets. Thirty-eight (38) new or updated out-of-the-box threat hunting filters that help the user quickly search Suricata alert and NSM data for shadow IT, policy violations and suspicious activity.
  • Integrated CyberChef. Allows the user to apply CyberChef data encoding, decoding and analysis to the events, protocol transactions and flow records produced by Suricata.
  • Additional Kibana dashboards. Six (6) new dashboards for network visibility and hunting, with new support for the following protocols: SNMP, RDP, SIP, HTTP2, RFB, GENEVE, MQTT and DCERPC. There is also a new dashboard to help those working on SANS Institute challenges.
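The hunting filters listed above operate on the alert and NSM records that Suricata writes as EVE JSON (one JSON object per line). The following script is an added example, not SELKS's own filter set or any code from Stamus Networks: it loads a handful of constructed EVE lines and applies three filters of the kind described (remote-access protocols leaving the home network, severity-1 alerts, and an IoT protocol showing up on the wire). The HOME_NET ranges, the protocol lists, the filter names and the sample events are all assumptions chosen for illustration; the field names (`event_type`, `src_ip`, `dest_ip`, `app_proto`, `alert.severity`) follow Suricata's EVE schema.

```python
"""Added example: simple threat hunting filters over Suricata EVE JSON lines."""
import ipaddress
import json

# Constructed sample EVE JSON (not real SELKS output). Addresses use documentation
# ranges; the sid 2100498 line mimics the classic "id check returned root" rule.
SAMPLE_EVE = """\
{"timestamp":"2022-06-01T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51515,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","app_proto":"tls","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":1}}
{"timestamp":"2022-06-01T10:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.7","src_port":50000,"dest_ip":"198.51.100.20","dest_port":3389,"proto":"TCP","app_proto":"rdp"}
{"timestamp":"2022-06-01T10:00:03.000000+0000","event_type":"flow","src_ip":"10.0.0.7","src_port":50001,"dest_ip":"10.0.0.9","dest_port":3389,"proto":"TCP","app_proto":"rdp"}
{"timestamp":"2022-06-01T10:00:04.000000+0000","event_type":"flow","src_ip":"10.0.0.12","src_port":40000,"dest_ip":"192.0.2.33","dest_port":1883,"proto":"TCP","app_proto":"mqtt"}
{"timestamp":"2022-06-01T10:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51516,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","alert":{"signature_id":2000000,"signature":"LOCAL info dns","category":"Not Suspicious Traffic","severity":3}}
{"timestamp":"2022-06-01T10:00:06.000000+0000","event_type":"flow","src_ip":"10.0.0.8","src_port":50002,"dest_ip":"203.0.113.50","dest_port":5900,"proto":"TCP","app_proto":"rfb"}
"""

# Assumed home network; in Suricata this would be the HOME_NET variable.
HOME_NET = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
REMOTE_ACCESS_PROTOS = {"rdp", "rfb", "ssh"}   # assumed "should not leave the network" set
IOT_PROTOS = {"mqtt"}                          # assumed "unexpected on this segment" set


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOME_NET)


def load_events(text: str) -> list:
    """Parse EVE JSON lines; a truncated or partial line (common when tailing a live
    eve.json) is skipped rather than aborting the whole hunt."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def remote_access_to_external(ev: dict) -> bool:
    """Internal host speaking RDP/VNC/SSH to an address outside HOME_NET (policy violation)."""
    return (ev.get("app_proto") in REMOTE_ACCESS_PROTOS
            and is_internal(ev["src_ip"]) and not is_internal(ev["dest_ip"]))


def high_severity_alert(ev: dict) -> bool:
    """Alert events whose rule carries the highest severity (1)."""
    return ev.get("event_type") == "alert" and ev["alert"].get("severity") == 1


def iot_protocol_seen(ev: dict) -> bool:
    """An IoT protocol observed at all: a cheap shadow-IT indicator on a workstation segment."""
    return ev.get("app_proto") in IOT_PROTOS


HUNT_FILTERS = {
    "remote access to external (policy violation)": remote_access_to_external,
    "severity-1 alerts": high_severity_alert,
    "IoT protocol in use (possible shadow IT)": iot_protocol_seen,
}


def run_hunt(events: list) -> dict:
    """Return {filter name: [matching events]} so each hit can be pivoted on."""
    hits = {name: [] for name in HUNT_FILTERS}
    for ev in events:
        for name, pred in HUNT_FILTERS.items():
            if pred(ev):
                hits[name].append(ev)
    return hits


def summarize(ev: dict) -> str:
    return (f"{ev['timestamp']} {ev.get('event_type')} "
            f"{ev['src_ip']}:{ev['src_port']} -> {ev['dest_ip']}:{ev['dest_port']} "
            f"{ev.get('app_proto', ev.get('proto'))}")


if __name__ == "__main__":
    for name, evs in run_hunt(load_events(SAMPLE_EVE)).items():
        print(f"[{name}] {len(evs)} hit(s)")
        for ev in evs:
            print("    " + summarize(ev))
```

To run this against real data, read `/var/log/suricata/eve.json` (the default Suricata EVE output path) instead of `SAMPLE_EVE`; the filters are deliberately written as plain predicates so that the same logic can be expressed as a Kibana or Scirius query once it proves useful.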

SELKS is a contribution of Stamus Networks to the open source community and is released, free of charge, under the GNU GPLv3 license as ISO images, a Docker package or source code.

Kelley Misata, PhD, President and Executive Director of the Open Information Security Foundation (OISF), also believes that SELKS 7 represents significant advancements for the Suricata user community. “We are excited to see the continued evolution of this important Suricata showcase platform. For many years we have used SELKS in our training courses due to its ability to showcase the power of Suricata for IDS and introductory network threat research based on protocol transactions and flow data,” Misata said. “And we’re thrilled the Stamus team is bringing it to the global Suricata community.”
