Stamus Networks is proud to announce the availability of Scirius 1.2.0. This release of our Suricata ruleset management interface comes after 4 months of development and brings two major new features: rule transformations to manage IPS, and user activity logging to ease collaboration.
Rules transformation
With rule transformations, Scirius can now manage Suricata in IPS mode. It can also add the filestore option to specific rules, letting the user turn existing rules coming from a feed into rules that perform file extraction.
A signature can be transformed per ruleset to a drop or reject rule as shown in the following capture:
The filestore transformation triggers file extraction by Suricata when the rule alerts. This gives the user file extraction without the need to clone existing rules.
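The three transformations can be pictured as text rewrites applied when a ruleset is rendered, leaving the feed rule itself untouched. The following is an added sketch, not Scirius code; the sample rule, the function names and the choice to rewrite only alert rules are assumptions made for illustration.

```python
import re

# Constructed sample feed rule (not from a real ruleset); the msg contains an
# escaped ';' and the word "filestore" to exercise the option parser.
FEED_RULE = ('alert http $EXTERNAL_NET any -> $HOME_NET any '
             '(msg:"Constructed example: exe download, filestore\\; in msg"; '
             'flow:established,to_client; fileext:"exe"; sid:1000001; rev:1;)')

def parse(rule):
    """Split a rule into (action, rest of header, list of option strings)."""
    rule = rule.strip()
    start, end = rule.index("("), rule.rindex(")")
    action, rest = rule[:start].split(None, 1)
    # Options are separated by ';'; a literal ';' inside a value is written '\;'.
    opts = [o.strip() for o in re.split(r"(?<!\\);", rule[start + 1:end]) if o.strip()]
    return action, rest.strip(), opts

def keyword(opt):
    """Name of an option, e.g. 'sid' for 'sid:1000001'."""
    return opt.split(":", 1)[0].strip()

def sid_of(rule):
    for opt in parse(rule)[2]:
        if keyword(opt) == "sid":
            return int(opt.split(":", 1)[1])
    raise ValueError("rule has no sid")

def transform(rule, kind):
    """Return a transformed copy of rule; kind is 'drop', 'reject' or 'filestore'."""
    action, rest, opts = parse(rule)
    if kind in ("drop", "reject"):
        if action != "alert":  # assumption: only alert rules are rewritten
            raise ValueError(f"refusing to rewrite non-alert action {action!r}")
        action = kind
    elif kind == "filestore":
        if "filestore" not in map(keyword, opts):  # stay idempotent
            opts.append("filestore")
    else:
        raise ValueError(f"unknown transformation {kind!r}")
    return f"{action} {rest} ({'; '.join(opts)};)"

def render_ruleset(feed_rules, transformations):
    """Apply per-ruleset {sid: kind} choices; the feed rules stay unmodified."""
    return [transform(r, transformations[sid_of(r)]) if sid_of(r) in transformations else r
            for r in feed_rules]
```

Because the choice is held per ruleset as a sid-to-transformation mapping, the same feed rule can stay an alert in one ruleset and become a drop in another without a cloned copy to maintain.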
User activity logging
The second big new feature is user activity logging. It is now possible to comment on actions. A team collaborating on the same Scirius can now comment on actions such as disabling a rule or adding a threshold.
It is also possible to simply comment on a rule.
All these features are already available in Scirius Enterprise and Amsterdam and will be available in SELKS in the coming days.