Suricata Based IDS/IPS Distro: SELKS

2018-11-20T23:12:03
ID N0WHERE:76259
Type n0where
Reporter N0where
Modified 2018-11-20T23:12:03

Description

SELKS is both a Live and an installable Network Security Management ISO based on Debian, implementing and focusing on a complete and ready-to-use Suricata IDS/IPS ecosystem with its own graphical rule manager. From start to analysis of IDS/IPS and NSM events in 30 sec. The name comes from its major components:

After starting or installing SELKS, you get a running Suricata intrusion detection and prevention system within an NSM platform, Kibana to analyze alerts and events, and EveBox to correlate flows, archive and comment on events, produce reports and download pcaps. There is also Scirius to configure and manage the Suricata ruleset.

SELKS is released under GPLv3 license.

Prerequisites

The recommended initial test setup for SELKS is 2 CPUs and 5 Gb RAM.

The minimal configuration for production usage is 2 cores and 6 Gb of memory. As Suricata and Elasticsearch are multithreaded, the more cores you have the better. Regarding memory, the more traffic you have to monitor, the more useful extra memory becomes.

Usage and logon credentials

Default OS user:

  • user: selks-user
  • password: selks-user (the password in Live mode is live)

The default root password is StamusNetworks.
