SELKS, a distro for the prevention and detection of network intrusions

A few days ago, Stamus Networks announced the release of a new version of the specialized distribution «SELKS 7.0», which is designed to detect and prevent network intrusions, respond to identified threats, and monitor network security.

For those unfamiliar with the system, SELKS is built on Debian and the open-source Suricata IDS/IPS engine; its name is an acronym for the main tools that make up the stack.

SELKS consists of the following main components:

  • Suricata – IDS/IPS/NSM engine, ready to go
  • Elasticsearch – search engine and event storage
  • Logstash – log ingestion
  • Kibana – custom dashboards and event exploration
  • Scirius CE – Suricata ruleset management and Suricata threat hunting interface

Additionally, SELKS now includes Arkime, EveBox, and CyberChef.

All of these tools work together: the event data produced by Suricata is processed by Logstash and stored in Elasticsearch, and a web interface built on top of Kibana is offered to track the current status and the identified incidents.

The Scirius CE web interface is used to manage the rules and view the activity associated with them. The distribution also includes the Arkime packet capture system, the EveBox event review interface, and the CyberChef data analysis tool.

Users receive a turnkey network security management solution that can be used immediately after download.

Main novelties of SELKS 7.0

In this new version, SELKS 7.0 is now available either as a portable Docker Compose package or as turnkey installation images (ISO files).

Each option includes the five key open source components that make up its name: Suricata, Elasticsearch, Logstash, Kibana, and Scirius Community Edition (Suricata management and Suricata hunting from Stamus Networks). SELKS additionally includes Arkime, EveBox, and CyberChef, which were added after the acronym was established.

“We are excited to make SELKS 7 officially available and in a package that makes it possible to rapidly deploy it on any Linux or Windows operating system, whether in a virtual environment or in the cloud,” said Peter Manev, co-founder and chief strategy officer of Stamus Networks. "The improved threat hunting interface and incident response dashboards along with the new Docker package make SELKS even more accessible to people who want to explore the power of Suricata without investing in a commercial solution."

Another notable change in this version is a fully automated traffic replay system based on saved PCAP captures, which can be used to test how the deployed protection measures perform, for incident analysis, or for training.

The set of threat hunting filters has also been expanded and improved, making it possible to quickly identify malicious activity and access-policy violations by searching the Suricata alert and NSM (Network Security Monitoring) logs.
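As an added example (this is not SELKS or Scirius code), the following Python script shows the kind of search such hunting filters run over Suricata's eve.json output: it correlates high-severity alerts with the HTTP metadata Suricata logged on the same flow_id, and flags RDP and SSH sessions that originate outside an administrative network. The event lines are constructed in the shape of Suricata's EVE JSON, and the ADMIN_NETS policy and the severity threshold are assumptions for the example.

```python
"""Hunt over Suricata EVE JSON lines: correlate alerts with protocol
metadata on the same flow and flag access-policy violations.

Added example, not part of SELKS; the sample events are constructed
to mirror the fields Suricata writes to eve.json (one JSON object per line).
"""
import ipaddress
import json

# Constructed EVE records: one http + one alert on flow 1, a low-priority
# alert on flow 2, RDP/SSH metadata events on flows 3-5, and one garbage line
# such as a partially written record at the end of a rotated log.
SAMPLE_EVE = """\
{"timestamp":"2022-05-12T10:00:01.000000+0000","flow_id":1,"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.9","dest_port":80,"proto":"TCP","http":{"hostname":"bad.example","url":"/x.php","http_user_agent":"curl/7.0"}}
{"timestamp":"2022-05-12T10:00:01.100000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.9","dest_port":80,"proto":"TCP","alert":{"signature_id":2000001,"signature":"ET TEST suspicious download","severity":1,"category":"A Network Trojan was detected"}}
{"timestamp":"2022-05-12T10:00:02.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.7","dest_ip":"198.51.100.3","dest_port":443,"proto":"TCP","alert":{"signature_id":2000002,"signature":"ET INFO noisy policy rule","severity":3,"category":"Not Suspicious Traffic"}}
{"timestamp":"2022-05-12T10:00:03.000000+0000","flow_id":3,"event_type":"rdp","src_ip":"192.168.50.20","dest_ip":"10.0.0.100","dest_port":3389,"proto":"TCP","rdp":{"event_type":"initial_request"}}
{"timestamp":"2022-05-12T10:00:04.000000+0000","flow_id":4,"event_type":"rdp","src_ip":"10.0.0.9","dest_ip":"10.0.0.100","dest_port":3389,"proto":"TCP","rdp":{"event_type":"initial_request"}}
{"timestamp":"2022-05-12T10:00:05.000000+0000","flow_id":5,"event_type":"ssh","src_ip":"10.0.0.9","dest_ip":"10.0.0.101","dest_port":22,"proto":"TCP","ssh":{"client":{"software_version":"OpenSSH_8.9"}}}
not json at all
"""

# Assumed access policy: only this jump network may open RDP/SSH sessions.
ADMIN_NETS = [ipaddress.ip_network("192.168.50.0/24")]
ADMIN_PROTOCOLS = ("rdp", "ssh")


def parse_eve(text):
    """Parse EVE JSON lines, skipping blank or truncated records."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # partial write or log rotation artefact
    return events


def hunt_alerts(events, max_severity=2):
    """Return alerts with severity <= max_severity (1 is the most severe),
    enriched with the http record seen on the same flow_id. Suricata shares
    flow_id across event types, which is what makes this join possible."""
    http_by_flow = {e["flow_id"]: e["http"]
                    for e in events if e.get("event_type") == "http"}
    hits = []
    for e in events:
        if e.get("event_type") != "alert":
            continue
        alert = e["alert"]
        if alert["severity"] > max_severity:
            continue
        hits.append({
            "sid": alert["signature_id"],
            "signature": alert["signature"],
            "src_ip": e["src_ip"],
            "dest_ip": e["dest_ip"],
            "http": http_by_flow.get(e["flow_id"]),
        })
    return hits


def access_violations(events, admin_nets=ADMIN_NETS):
    """Flag admin-protocol sessions whose source is outside admin_nets."""
    violations = []
    for e in events:
        proto = e.get("event_type")
        if proto not in ADMIN_PROTOCOLS:
            continue
        src = ipaddress.ip_address(e["src_ip"])
        if not any(src in net for net in admin_nets):
            violations.append({"protocol": proto, "src_ip": e["src_ip"],
                               "dest_ip": e["dest_ip"], "dest_port": e["dest_port"]})
    return violations


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    for hit in hunt_alerts(evs):
        host = hit["http"]["hostname"] if hit["http"] else "-"
        print(f"ALERT sid={hit['sid']} {hit['src_ip']} -> {hit['dest_ip']} host={host} {hit['signature']}")
    for v in access_violations(evs):
        print(f"POLICY {v['protocol']} from {v['src_ip']} to {v['dest_ip']}:{v['dest_port']} outside admin nets")
```

Run it against a real eve.json by replacing SAMPLE_EVE with the file contents; the same two searches map directly onto Kibana or Scirius filters (alert.severity, event_type, src_ip not in a range), which is what the hunting interface automates.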

SELKS also integrates the CyberChef package, which allows you to encode, decode and analyse data related to events, protocol operation and the records created by Suricata.

The announcement also highlights that 6 new sections have been added to the Kibana interface to view and monitor activity related to the SNMP, RDP, SIP, HTTP2, RFB, GENEVE, MQTT and DCERPC protocols.

Finally, for those interested in knowing more, the details can be checked at the following link.

Download and get SELKS

For those interested in downloading this distribution, it supports running in Live mode as well as in virtualization or container environments. The project's developments are distributed under the GPLv3 license.

The boot image is 3 GB in size and can be obtained from the link below.
