Stamus Networks has released SELKS 7.0, a specialized distribution for deploying network intrusion detection and prevention, responding to identified threats, and monitoring network security. Users get a turnkey network security monitoring platform that is usable immediately after download. The distribution can be booted in Live mode or run in virtualization environments and containers. The project's code is distributed under the GPLv3 license. The boot image is 3 GB.
The system is built on a Debian package base and the open-source Suricata IDS engine. Events are processed by Logstash and stored in Elasticsearch. A Kibana-based web interface is provided for monitoring current status and detected incidents, while the Scirius CE web interface handles rule management and visualization of related activity. The distribution also bundles the Arkime full packet capture system, the EveBox event review interface, and the CyberChef data analysis tool.
Beyond the updated package base, the new version highlights the following improvements:
- A packaged build for deployment in Docker-based container environments.
- A fully automated traffic replay system driven by stored PCAP captures, which can be used to verify that deployed protections actually fire, to analyze incidents, or for training.
- The threat-hunting filter set has been expanded and refined, allowing faster detection of malicious activity and access-policy violations by searching Suricata alert and NSM (Network Security Monitoring) logs.
- CyberChef is integrated, allowing encoding, decoding and analysis of data from the events, protocol records and other output produced by Suricata.
- Six new sections have been added to the Kibana interface for visualizing and monitoring activity for the SNMP, RDP, SIP, HTTP2, RFB, GENEVE, MQTT and DCERPC protocols.
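The threat-hunting filters mentioned above operate on the same Suricata EVE JSON that SELKS feeds through Logstash into Elasticsearch. The script below is an added example, not code from SELKS, Scirius or Stamus Networks: it runs four typical hunting filters over constructed EVE lines (field names such as `event_type`, `src_ip`, `alert.severity`, `http.hostname`, `dns.rrname` and `rdp` follow Suricata's EVE schema, but the sample records, the `RDP_ADMIN_SUBNET` policy and the label-length threshold are assumptions made for the demonstration). It shows what a hunt over NSM logs looks like once expressed as code: each filter is a predicate over records, and a host that trips several filters at once is ranked first for triage.

```python
"""Hunting filters over Suricata EVE JSON (added example, not SELKS/Scirius code)."""
import ipaddress
import json
from collections import Counter

# Constructed sample EVE records (not real traffic). The field layout mirrors
# Suricata's EVE JSON output; the addresses and signatures are made up.
SAMPLE_EVE = r'''
{"timestamp":"2022-04-20T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.5.23","dest_ip":"198.51.100.7","dest_port":443,"proto":"TCP","alert":{"signature":"ET MALWARE Known C2 Beacon","severity":1,"category":"Malware Command and Control Activity Detected"}}
{"timestamp":"2022-04-20T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.5.23","dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","alert":{"signature":"ET INFO DNS Query to .cloud TLD","severity":3,"category":"Misc activity"}}
{"timestamp":"2022-04-20T10:00:03.000000+0000","event_type":"http","src_ip":"10.0.5.23","dest_ip":"203.0.113.9","dest_port":80,"proto":"TCP","http":{"hostname":"203.0.113.9","url":"/gate.php","http_method":"POST","http_user_agent":"Mozilla/4.0","status":200}}
{"timestamp":"2022-04-20T10:00:04.000000+0000","event_type":"http","src_ip":"10.0.5.40","dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","http":{"hostname":"example.com","url":"/index.html","http_method":"GET","http_user_agent":"Mozilla/5.0","status":200}}
{"timestamp":"2022-04-20T10:00:05.000000+0000","event_type":"rdp","src_ip":"10.0.5.23","dest_ip":"10.0.1.10","dest_port":3389,"proto":"TCP","rdp":{"tx_id":0,"event_type":"initial_request","cookie":"mstshash=admin"}}
{"timestamp":"2022-04-20T10:00:06.000000+0000","event_type":"rdp","src_ip":"10.0.9.5","dest_ip":"10.0.1.10","dest_port":3389,"proto":"TCP","rdp":{"tx_id":0,"event_type":"initial_request","cookie":"mstshash=ops"}}
{"timestamp":"2022-04-20T10:00:07.000000+0000","event_type":"dns","src_ip":"10.0.5.23","dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"a3f9c1e2b7d4f6a8c0e1b2d3f4a5c6e7.evil-tunnel.example","rrtype":"TXT"}}
{"timestamp":"2022-04-20T10:00:08.000000+0000","event_type":"flow","src_ip":"10.0.5.40","dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":4,"bytes_toserver":600,"bytes_toclient":2300}}
'''

# Hypothetical access policy: only hosts in this subnet may open RDP sessions.
RDP_ADMIN_SUBNET = ipaddress.ip_network("10.0.9.0/24")


def parse_eve(text):
    """Yield one dict per non-empty line; silently skip lines that are not valid JSON."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def _is_ipv4_literal(host):
    """True if an HTTP Host value is a bare IPv4 address, optionally with ':port'."""
    try:
        ipaddress.IPv4Address(host.split(":")[0])
        return True
    except ValueError:
        return False


def hunt_high_severity_alerts(events):
    """Suricata alerts with severity 1 (highest); the obvious first filter."""
    return [e for e in events
            if e.get("event_type") == "alert" and e.get("alert", {}).get("severity") == 1]


def hunt_http_to_ip_literal(events):
    """HTTP requests whose Host header is a raw IP: common for malware C2, rare for users."""
    return [e for e in events
            if e.get("event_type") == "http" and _is_ipv4_literal(e.get("http", {}).get("hostname", ""))]


def hunt_rdp_outside_admin_subnet(events, admin_subnet=RDP_ADMIN_SUBNET):
    """RDP sessions initiated from outside the subnet the access policy allows."""
    out = []
    for e in events:
        if e.get("event_type") != "rdp":
            continue
        try:
            src = ipaddress.ip_address(e.get("src_ip", ""))
        except ValueError:
            continue
        if src not in admin_subnet:
            out.append(e)
    return out


def hunt_dns_long_labels(events, max_label_len=30):
    """DNS queries containing an unusually long label, a classic DNS-tunneling indicator."""
    out = []
    for e in events:
        dns = e.get("dns", {})
        if e.get("event_type") != "dns" or dns.get("type") != "query":
            continue
        if any(len(label) > max_label_len for label in dns.get("rrname", "").split(".")):
            out.append(e)
    return out


HUNTS = {
    "high_severity_alert": hunt_high_severity_alerts,
    "http_to_ip_literal": hunt_http_to_ip_literal,
    "rdp_outside_admin_subnet": hunt_rdp_outside_admin_subnet,
    "dns_long_label": hunt_dns_long_labels,
}


def run_hunts(eve_text):
    """Run every hunt over the log; return {hunt_name: [(timestamp, src_ip, dest_ip), ...]}."""
    events = list(parse_eve(eve_text))
    return {name: [(e["timestamp"], e["src_ip"], e["dest_ip"]) for e in hunt(events)]
            for name, hunt in HUNTS.items()}


def rank_sources(findings):
    """Count how many distinct hunts each source IP triggered; multi-hit hosts are triaged first."""
    ranking = Counter()
    for hits in findings.values():
        for src in {src for _, src, _ in hits}:
            ranking[src] += 1
    return ranking


if __name__ == "__main__":
    results = run_hunts(SAMPLE_EVE)
    for name, hits in results.items():
        print(f"{name}: {len(hits)} hit(s)")
        for ts, src, dst in hits:
            print(f"  {ts} {src} -> {dst}")
    print("triage order:", rank_sources(results).most_common())
```

In a real deployment the input would be Suricata's `eve.json` (for instance the one produced by replaying a stored capture with `suricata -r capture.pcap -l <logdir>`) or the same records queried back out of Elasticsearch; the filters themselves are the part worth keeping, since they are what the Kibana and Scirius hunting views express interactively.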


Source: opennet.ru
