Cyber Security: SELKS

From OnnoWiki

SELKS is a free, open-source, turnkey Suricata-based network intrusion detection/prevention system (IDS/IPS), network security monitoring (NSM) and threat hunting implementation created and maintained by Stamus Networks.


Released under the GPL 3.0-or-later license, SELKS is available either as a live and installable Debian-based ISO or via Docker Compose on any Linux distribution.


SELKS consists of the following major components:

  • Suricata - Ready-to-use Suricata IDS/IPS/NSM engine, the source of all alerts and protocol logs
  • Elasticsearch - Search engine and event store
  • Logstash - Log ingestion (parsing Suricata's EVE JSON output and indexing it into Elasticsearch)
  • Kibana - Custom dashboards and event exploration
  • Stamus Community Edition (CE) - Suricata ruleset management and Suricata threat hunting interface


In addition, SELKS now includes Arkime, EveBox and CyberChef.


What is Stamus Community Edition?

Stamus CE is the Stamus Networks open-source application that brings all these components together. Stamus CE provides the web interface for the entire system, giving you the ability to:

  • Manage multiple Suricata rulesets and threat intelligence sources
  • Upload and manage custom Suricata rules and IoC data files
  • Hunt for threats using predefined filters and enhanced contextual views
  • Apply thresholding and suppression to limit verbosity of noisy alerts
  • View Suricata performance statistics and information about Suricata rule activity
  • Apply Kibana, EveBox, and CyberChef to the Suricata NSM and alert data
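To make the thresholding and suppression item concrete, the following is an added Python example written for this page; it is not Stamus CE or Suricata code. It reproduces the semantics of two assumed Suricata threshold.config entries, a `suppress` entry and a `threshold type limit` entry, and applies them to a handful of constructed EVE JSON alert records of the kind Suricata writes to eve.json and Logstash ingests. The signature IDs, IP addresses, signature names and timestamps are made up for the illustration.

```python
"""Suricata-style suppression and thresholding applied to EVE JSON alerts.

Added example for the SELKS page (not Stamus CE or Suricata code). It mimics
the effect of threshold.config entries so a tuning change can be reasoned
about on sample data before it is pushed to the sensor.
"""
import json
from collections import defaultdict
from datetime import datetime


def _alert(ts, src, dst, sid, sig):
    """Build one constructed EVE alert record in Suricata's field layout."""
    return json.dumps({
        "timestamp": ts, "event_type": "alert", "src_ip": src, "dest_ip": dst,
        "proto": "TCP",
        "alert": {"gid": 1, "signature_id": sid, "rev": 1, "signature": sig,
                  "severity": 2},
    })


# Constructed sample: SIDs 9000001/9000002, RFC 1918 addresses, made-up names.
SIG_A, SIG_B = "CONSTRUCTED scanner A", "CONSTRUCTED noisy policy B"
EVE_LINES = [
    _alert("2024-01-01T10:00:00.000000+0000", "10.0.0.5", "192.168.1.10", 9000001, SIG_A),
    _alert("2024-01-01T10:00:01.000000+0000", "10.0.0.9", "192.168.1.10", 9000001, SIG_A),
    _alert("2024-01-01T10:00:02.000000+0000", "10.0.0.7", "192.168.1.20", 9000002, SIG_B),
    _alert("2024-01-01T10:00:03.000000+0000", "10.0.0.7", "192.168.1.20", 9000002, SIG_B),
    _alert("2024-01-01T10:00:04.000000+0000", "10.0.0.7", "192.168.1.20", 9000002, SIG_B),
    _alert("2024-01-01T10:00:05.000000+0000", "10.0.0.7", "192.168.1.20", 9000002, SIG_B),
    _alert("2024-01-01T10:00:06.000000+0000", "10.0.0.8", "192.168.1.20", 9000002, SIG_B),
    _alert("2024-01-01T10:01:10.000000+0000", "10.0.0.7", "192.168.1.20", 9000002, SIG_B),
]

# Assumed threshold.config lines that the two tables below represent:
#   suppress gen_id 1, sig_id 9000001, track by_src, ip 10.0.0.5
#   threshold gen_id 1, sig_id 9000002, type limit, track by_src, count 2, seconds 60
SUPPRESS = [{"gid": 1, "sid": 9000001, "track": "by_src", "ip": "10.0.0.5"}]
THRESHOLDS = [{"gid": 1, "sid": 9000002, "type": "limit", "track": "by_src",
               "count": 2, "seconds": 60}]


def _ts(rec):
    return datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")


def _track_key(rec, track):
    """Value the counter is keyed on: source IP, destination IP, or rule-wide."""
    if track == "by_src":
        return rec["src_ip"]
    if track == "by_dst":
        return rec["dest_ip"]
    return None


def apply_threshold_config(lines, suppress=SUPPRESS, thresholds=THRESHOLDS):
    """Return the EVE records that survive the suppress/threshold entries."""
    state = {}   # (gid, sid, track key) -> (window start, alerts seen in window)
    kept = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            kept.append(rec)          # NSM records (flow, http, dns, ...) are untouched
            continue
        gid, sid = rec["alert"]["gid"], rec["alert"]["signature_id"]
        if any(s["gid"] == gid and s["sid"] == sid and
               (s.get("track") is None or _track_key(rec, s["track"]) == s["ip"])
               for s in suppress):
            continue                  # suppressed: never logged at all
        th = next((t for t in thresholds if t["gid"] == gid and t["sid"] == sid), None)
        if th is None:
            kept.append(rec)
            continue
        key = (gid, sid, _track_key(rec, th["track"]))
        now = _ts(rec)
        start, n = state.get(key, (None, 0))
        if start is None or (now - start).total_seconds() >= th["seconds"]:
            start, n = now, 0         # window expired: start a fresh one
        n += 1
        state[key] = (start, n)
        if th["type"] == "limit" and n <= th["count"]:
            kept.append(rec)          # first `count` alerts per window pass
        elif th["type"] == "threshold" and n % th["count"] == 0:
            kept.append(rec)          # every `count`-th alert passes
        elif th["type"] == "both" and n == th["count"]:
            kept.append(rec)          # one alert per window, once count is reached
    return kept


def summarize(kept):
    """Surviving alert count per (sid, src_ip), handy for comparing tunings."""
    counts = defaultdict(int)
    for rec in kept:
        counts[(rec["alert"]["signature_id"], rec["src_ip"])] += 1
    return dict(counts)


if __name__ == "__main__":
    survivors = apply_threshold_config(EVE_LINES)
    for rec in survivors:
        print(rec["timestamp"], rec["src_ip"], rec["alert"]["signature_id"])
    print(summarize(survivors))
```

Of the eight constructed alerts, five survive: the 10.0.0.5 hit on SID 9000001 is suppressed outright, the four back-to-back SID 9000002 alerts from 10.0.0.7 collapse to two under the limit, the other source keeps its own counter, and the alert 68 seconds later starts a new window. Switching the entry to `type both` or `type threshold` changes only how many of those pass, which is exactly the trade-off the Stamus CE thresholding controls let you make per rule.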

Who is SELKS for?

For many small-to-medium sized organizations, SELKS can be a suitable production-grade network security monitoring (NSM) and intrusion detection (IDS) solution.

And because all the data available in SELKS is generated by the Suricata engine, SELKS is widely used by network security practitioners, researchers, educators, students, and hobbyists to explore what is possible with Suricata IDS/IPS/NSM and the network protocol monitoring logs and alerts it produces.


Interesting Links