This first edition of SELKS 4 is available from Stamus Networks thanks to a great and helpful feedback from our open source community - Thank you! This new major release features a version jump for all the main software stacks. Suricata switches from 3.2 to 4.0, Elastic stack is ugpraded from 2.5 to 5.5 and even Debian is now Stretch, the latest stable release.
SELKS is both Live and installable Network Security Management ISO based on Debian implementing and focusing on a complete and ready to use Suricata IDS/IPS ecosystem with its own graphic rule manager. Stamus Networks is a proud member of the Open Source community and SELKS is released under GPLv3 license.
This is a major new release featuring all components upgrade and of course latest Suricata.
New Features
- Suricata IDS/IPS/NSM 4.0.x - latest Suricata packaged with Hyperscan enabled for extra performance boost. The latest edition of Suricata among many fixes and improvements includes:
- extra alert data like for example http body added to the alert json logs wherever available
- protocol renegociation which means STARTTLS and CONNECT support
- Major upgrade from Elasticsearch/Kibana/Logtsash (ELK) 2.x to the ELK 5 stack making available a ton of new features and enhancements.
- Scirius 1.2.4 - bugfixes, better correlation capability with EveBox and introduction of IPS rules support.
- Evebox - many new features including reporting and comments on the log events.
- Debian Stretch - All new OS features, kernel and tools.
As always - as a Stamus Networks extra sauce the latest stable kernel (4.12.8 at the time of this writing) is available for install if you wish.
Download
To download SELKS 4:
- SELKS with desktop: Torrent, HTTP (MD5sum: 70783e4d441932103c3410c0b778b401)
- SELKS without desktop: Torrent, HTTP (MD5sum: 335e31cd2b3a864f432c7d57efe007cd)
Usage
To remotely access the web management interface :
Usage and logon credentials (OS and web management user)
- user:
selks-user
- password:
selks-user (password in Live mode is live)
The default root password is StamusNetworks
Visual tour
Some visuals to give you a glimpse of the things you can do with SELKS.
Scirius - ruleset manager and dashboard central management console.
Scirius - rule availability by ruleset information.
Scirius- "google" search your rules
Dashboards - mail attachments
Dashboards - mail application supplemental info
Dashboards - DNS geoip heat map
Dashboards - VLAN supplemental info
Dashboards - availability of full events correlation via EveBox and Scirius
Dashboards - extra http data for better visibility.
Dashboards - ssh data available for drill/break downs as well.
Dashboards - dns events at a glance
Dashboards - alert supplemental log information.
Dashboards - valuable break down of alert data information.
Dashboards - break down of http user agents that have generated alerts
EveBox - alert comments availability.
Howto
Upgrade from SELKS 3
To upgrade your existing SELKS 3 to SELKS 4 preview, please refer to SELKS-3.0-to-SELKS-4.0-upgrades wiki page.
Create your own ISO
SELKS 4 is available for download ready to use (as explained at the beginning of the article).
However - if you want to you can create and/or customize your own SELKS 4 ISO
Once installed
Feedback is welcome
Any feedback as always is greatly appreciated! :)
Give us feedback and get help on:
Thank you!
