SELKS (Suricata Elasticsearch Logstash Kibana Scirius) is a freely distributed and open source computer operating system derived from the award-winning Debian GNU/Linux distribution and built around the well-known Suricata network monitoring and IPS/IDS system. It is described by its developers as a live and installable Network Security Management system.
Distributed as a 64-bit Live DVD
The operating system is distributed as a Live DVD ISO image that is approximately 900 MB in size and contains software packages optimized only for 64-bit (x86_64) instruction set architectures. This means that you will need a 64-bit computer in order to use the SELKS distro.
Live DVD boot options
The Live DVD boot menu includes various useful options, such as the ability to start the live system with normal configuration or in failsafe mode, as well as to start the text-mode or graphical installers directly. Some advanced boot options are also included, such as the ability to view detailed information about your computer’s hardware components, using HDT (Hardware Detection Tool).
LXDE is in charge of the graphical environment
The SELKS Linux distribution uses the lightweight and ultra-fast LXDE desktop environment, which provides a traditional, easy-to-use and familiar graphical environment, comprised of a single panel located on the bottom edge of the screen.
The panel can be used to navigate the main menu, cycle between virtual workspaces, launch frequently used apps, interact with running programs or access the system tray area. Default applications include the Iceweasel web browser, Wireshark network scanner and Midnight Commander file manager.
What does SELKS mean?
SELKS means nothing in English or any other language. The name of the distribution is based on the first letters of the main components it is built on: Suricata, Elasticsearch, Logstash, Kibana and Scirius. The latter is a web-based management interface for Suricata, developed by the same team of developers who delivered the Linux distribution reviewed here.
What is new in this release:
- Suricata IDS/IPS/NSM - Suricata 3.1.1 packaged.
- Elasticsearch 2.3.5 - latest available ES edition featuring speed, scalability, security improvements and more.
- Logstash 2.3.4 - performance improvements, ES 2.3 compatibility, dynamic reloading of pipelines on the fly and more
- Kibana 4.5.4 - taking advantage of the latest features and performance improvement of ES
- Scirius 1.1.10 - support for xbits, hostbits, thresholding, suppression, backup and more
- Evebox - alert management/viewer/report interface for Suricata/ES allowing easy export of payload/packets into pcaps
- 4.4.x longterm kernel - SELKS 3.0 comes by default with 4.4.16 kernel.
- Dashboards - reworked dashboards with flow and rule correlation capability.
What is new in version 1.0:
- SELKS 1.0 comes with 10 pre-installed Kibana IDS/NSM dashboards. They cover analysis of the Suricata alerts and events with per-protocol dashboards (Alerts, HTTP, Flow, SSH, TLS,DNS ...). Some dashboards are also dedicated to more specific tasks - like the PRIVACY dashboard.
- It shows privacy-related information, such as which pages lead to well-known personal data providers such as Facebook, Twitter or Google.
- SELKS provides Scirius - a rules management interface for Suricata. Scirius has been developed by Stamus Networks to provide interaction with Kibana and Elasticsearch. It displays for example statistics on rules and links to existing Kibana dashboards.
- Scirius provides up-to-date signatures via EmergingThreats Open (or PRO ) ruleset and SSL abuse.ch signatures.
- Scirius can be upgraded via standard Debian method (apt-get upgrade). Stamus Networks is also determined to provide the latest stable Debian kernel release for SELKS. Upgrade to the latest stable kernel is easy via the package system. For example, it is possible for the user running the installed version to upgrade the kernel to the latest 3.14 version.