SELKS is both Live and installable Network Security Management ISO based on Debian implementing and focusing on a complete and ready to use Suricata IDS/IPS ecosystem with its own graphic rule manager. From start to analysis of IDS/IPS and NSM events in 30 sec. The name comes from its major components:
After starting or installing SELKS, you get a running Suricata intrusion and detection prevention system within a NSM platform, Kibana to analyze alerts and events, EveBox to correlate flows, archive/comment on events,reporting and pcap download. There is also Scirius to configure and manage the Suricata ruleset.
SELKS is released under GPLv3 license.
Recommended initial test set up for SELKS is 2 CPUs 5 Gb RAM
The minimal configuration for production usage is 2 cores and 6 Gb of memory. As Suricata and Elastisearch are multithreaded, the more cores you have the better it is. Regarding memory, the more traffic to monitor you have, the more getting some extra memory will be interesting.
Default OS user:
selks-user(password in Live mode is
The default root password is