This first edition of SELKS 4 is available from Stamus Networks thanks to a great and helpful feedback from our open source community - Thank you! This new major release features a version jump for all the main software stacks. Suricata switches from 3.2 to 4.0, Elastic stack is ugpraded from 2.5 to 5.5 and even Debian is now Stretch, the latest stable release.
SELKS is both Live and installable Network Security Management ISO based on Debian implementing and focusing on a complete and ready to use Suricata IDS/IPS ecosystem with its own graphic rule manager. Stamus Networks is a proud member of the Open Source community and SELKS is released under GPLv3 license.
This is a major new release featuring all components upgrade and of course latest Suricata.
New Features
- Suricata IDS/IPS/NSM 4.0.x - latest Suricata packaged with Hyperscan enabled for extra performance boost. The latest edition of Suricata among many fixes and improvements includes:
- extra alert data like for example http body added to the alert json logs wherever available
- protocol renegociation which means STARTTLS and CONNECT support
- Major upgrade from Elasticsearch/Kibana/Logtsash (ELK) 2.x to the ELK 5 stack making available a ton of new features and enhancements.
- Scirius 1.2.4 - bugfixes, better correlation capability with EveBox and introduction of IPS rules support.
- Evebox - many new features including reporting and comments on the log events.
- Debian Stretch - All new OS features, kernel and tools.
As always - as a Stamus Networks extra sauce the latest stable kernel (4.12.8 at the time of this writing) is available for install if you wish.
Download
To download SELKS 4:
- SELKS with desktop: Torrent, HTTP (MD5sum: 70783e4d441932103c3410c0b778b401)
- SELKS without desktop: Torrent, HTTP (MD5sum: 335e31cd2b3a864f432c7d57efe007cd)
Usage
To remotely access the web management interface :
- https://your.selks.IP.here/ - Scirius ruleset management and a central point for all dashboards and EveBox alert and event management.
Usage and logon credentials (OS and web management user)
- user:
selks-user - password:
selks-user(password in Live mode islive)
The default root password is StamusNetworks
Visual tour
Some visuals to give you a glimpse of the things you can do with SELKS.
Scirius - ruleset manager and dashboard central management console.
Scirius - rule availability by ruleset information.
Scirius- "google" search your rules
Dashboards - mail attachments
Dashboards - mail application supplemental info
Dashboards - DNS geoip heat map
Dashboards - VLAN supplemental info
Dashboards - availability of full events correlation via EveBox and Scirius
Dashboards - extra http data for better visibility.
Dashboards - ssh data available for drill/break downs as well.
Dashboards - dns events at a glance
Dashboards - alert supplemental log information.
EveBox reporting
Dashboards - valuable break down of alert data information.
Dashboards - break down of http user agents that have generated alerts
EveBox - alert comments availability.
Howto
Upgrade from SELKS 3
To upgrade your existing SELKS 3 to SELKS 4 preview, please refer to SELKS-3.0-to-SELKS-4.0-upgrades wiki page.
Create your own ISO
SELKS 4 is available for download ready to use (as explained at the beginning of the article).
However - if you want to you can create and/or customize your own SELKS 4 ISO
Once installed
- Please refer to Initial Setup section of the documentation
- Keep your SELKS up to date
- Recommended initial set up for SELKS 4.0 is 2CPUs 5-6Gb RAM
- If you need to reset/reload all the dashboards - you can do like so
- In Scirius on the top left corner drop down menu select System Settings
- click on the Kibana tab
- choose Reset SN dashboards
Feedback is welcome
Any feedback as always is greatly appreciated! :)
Give us feedback and get help on:
- Freenode IRC on the #SELKS channel
- Google Mailing list
Thank you!
