A Turn-key Suricata-based IDS/NSM and Threat Hunting System
SELKS™ is a free, open-source, and turn-key Suricata network intrusion detection/protection system (IDS/IPS), network security monitoring (NSM) and threat hunting implementation created and maintained by Stamus Networks.
Released under GPL 3.0-or-later license, the live distribution is available as either a live and installable Debian-based ISO or via Docker compose on any Linux operating system.
Want to know what's in the latest version - SELKS 10 ? Check out this blog >>
Download the SELKS datasheet here >>
SELKS is comprised of the following major components:
Stamus CE is the Stamus Networks open-source application that brings all these components together. Stamus CE provides the web interface for the entire system, giving you the ability to:
For many small-to-medium sized organizations, SELKS can be a suitable production-grade network security monitoring (NSM) and intrusion detection (IDS) solution.
And because all the data available in SELKS is generated by the Suricata engine, SELKS is widely used by network security practitioners, researchers, educators, students, and hobbyists to explore what is possible with Suricata IDS/IPS/NSM and the network protocol monitoring logs and alerts it produces.
For enterprise scale applications, please review our commercial solution, Stamus Security Platform (SSP), described below.
Use the Docker Compose package to install SELKS in any LINUX environment and ensure you are including the very latest containers, including Evebox and Suricata.
Use the image with Desktop when you want a turnkey installation that includes the Debian x64 12 (Bookworm) Linux desktop environment. Can be deployed on bare metal hardware or VM.
Use the image without Desktop when you want a turnkey SELKS installation in a headless environment (based on Debian x64 12 Bookworm). Can be deployed on bare metal hardware or VM.
To access README documentation, issues tracker and the SELKS wiki, please visit our GitHub page here >>
To ask questions or ask for help, join our Discord server here >> %20PNG-1.png?width=50&name=Discord%20Logo%20(black)%20PNG-1.png)
While SELKS is a great system to test out the power of Suricata for intrusion detection and threat hunting, it was never designed to be deployed in an enterprise setting. For enterprise applications, please review our commercial solution, Stamus Security Platform.
To learn more about the differences between SELKS and our commercial solutions, download the white paper, Understanding SELKS and Stamus Commercial Platforms.
Stamus Security Platform (SSP) is the commercial network-based threat detection and response solution from Stamus Networks.
Available in two license tiers, SSP delivers:
Broad-Spectrum Threat Detection
Guided Threat Hunting and Incident Investigation
Enterprise Scale Management and Integration
See the table below for a summary comparison between SELKS and the Stamus Networks commercial offerings.
| Feature (partial list) | SELKS | Stamus Security Platform (Stamus ND) | Stamus Security Platform (Stamus NDR) |
|---|---|---|---|
| IDS administration for one probe | X | X | X |
| IDS ruleset management for one ruleset | X | X | X |
| Basic threat hunting on IDS events | X | X | X |
| Real-time network traffic analysis | X | X | X |
| IDS administration for multiple probes | X | X | |
| IDS ruleset management for multiple rulesets | X | X | |
| Multiple Stamus Networks probes and/or Suricata sensors | X | X | |
| Automated health and wellness monitoring | X | X | |
| Automated application and OS updates | X | X | |
| Unified network threat hunting tool | X | X | |
| Guided hunting that drives detection | X | X | |
| Real-time correlation of IDS events, network traffic analysis and organizational data | X | X | |
| Automated event classification and advanced tagging | X | X | |
| Network definitions - allows the user to label certain networks or IPs with organizationally-relevant names which SSP uses to enrich event data | X | X | |
| Enriched data provides context and increase network visibility | X | X | |
| Unique metadata for perspective and investigation | X | X | |
| Metadata integration with SIEM, SOAR, and data lakes | X | X | |
| Declarations of Compromise - high confidence events mapped into the cyber kill chain | X | ||
| Webhooks integration of Declarations of Compromise into SOAR, XDR, EDR or channel-based messaging app | X | ||
| Protocol transaction-based (non-signature) advanced threat detection | X | ||
| Sightings - events generated when a host accesses a new destination (domain or IP) for the first time | X | ||
| Beacon detection using machine learning | X | ||
| User-defined algorithms to trigger Declarations of Compromise specific to your environment | X | ||
| Host Insights - details network services, user agents, host name, logged-in users and all activity associated with every host | X | ||
| Stamus Networks proprietary threat intelligence feed (updated daily) | X |
ABOUT STAMUS NETWORKS ™
Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As organizations face threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful. The global leader in Suricata-based network security solutions, Stamus Networks helps enterprise security teams know more, respond sooner and mitigate their risk with insights gathered from cloud and on-premise network activity. Our Stamus Security Platform combines the best of intrusion detection (IDS), network security monitoring (NSM), and network detection and response (NDR) systems into a single solution that exposes serious and imminent threats to critical assets and empowers rapid response.
© 2014-2024 Stamus Networks, Inc. All rights Reserved.
