{"id":13540158,"url":"https://github.com/stamusnetworks/selks","last_synced_at":"2025-04-02T06:32:05.538Z","repository":{"id":17055247,"uuid":"19819796","full_name":"StamusNetworks/SELKS","owner":"StamusNetworks","description":"A Suricata based IDS/IPS/NSM distro","archived":false,"fork":false,"pushed_at":"2024-08-12T15:21:11.000Z","size":10942,"stargazers_count":1520,"open_issues_count":211,"forks_count":286,"subscribers_count":99,"default_branch":"master","last_synced_at":"2025-04-01T19:36:48.991Z","etag":null,"topics":["distribution","gui","ids","ips","linux","management","monitoring","network","network-intrusion-detection","network-security","security","security-monitoring","suricata","threat-hunting","user-interface"],"latest_commit_sha":null,"homepage":"https://www.stamus-networks.com/open-source/#selks","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/StamusNetworks.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-05-15T13:13:50.000Z","updated_at":"2025-03-31T10:54:22.000Z","dependencies_parsed_at":"2024-01-24T12:45:54.729Z","dependency_job_id":"2b8cafc2-1749-4bb1-a6fa-e20517d2dd65","html_url":"https://github.com/StamusNetworks/SELKS","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StamusNetworks%2FSELKS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StamusNetworks%2FSELKS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositor
ies/StamusNetworks%2FSELKS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StamusNetworks%2FSELKS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/StamusNetworks","download_url":"https://codeload.github.com/StamusNetworks/SELKS/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246768388,"owners_count":20830657,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["distribution","gui","ids","ips","linux","management","monitoring","network","network-intrusion-detection","network-security","security","security-monitoring","suricata","threat-hunting","user-interface"],"created_at":"2024-08-01T09:01:41.706Z","updated_at":"2025-04-02T06:32:05.520Z","avatar_url":"https://github.com/StamusNetworks.png","language":"Shell","funding_links":[],"categories":["\u003ca id=\"946d766c6a0fb23b480ff59d4029ec71\"\u003e\u003c/a\u003e防护\u0026\u0026Defense","\u003ca id=\"0abd611fc3e9a4d9744865ca6e47a6b2\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"ff3e0b52a1477704b5f6a94ccf784b9a\"\u003e\u003c/a\u003eIDS\u0026\u0026IPS"],"readme":"=====\nSELKS\n=====\n\nIntro\n=====\n\nSELKS is a free and open source Debian-based IDS/IPS/Network Security Monitoring platform \nreleased under GPLv3 from Stamus Networks (https://www.stamus-networks.com/). \n\nSELKS can be installed via docker compose on any Linux or Windows OS. Once installed, it is \nready to use as an out-of-the-box solution.\n\nSELKS ISOs are also available for air-gapped environments, bare metal or VM installation. 
\n\n\n.. image:: doc/images/Hunt-Filtersets-1.png\n    :alt: SELKS 7\n    :align: center\n\nSELKS is made up of the following major components:\n\n* S - Suricata IDPS/NSM - https://suricata.io/\n* E - Elasticsearch - https://www.elastic.co/products/elasticsearch\n* L - Logstash - https://www.elastic.co/products/logstash\n* K - Kibana - https://www.elastic.co/products/kibana\n* S - Scirius - https://github.com/StamusNetworks/scirius\n* EveBox - https://evebox.org/\n* Arkime - https://arkime.com/\n* CyberChef - https://github.com/gchq/CyberChef\n\nThe acronym was established before the addition of Arkime, EveBox and CyberChef.\n\nIt also includes preconfigured dashboards like this one:\n\n.. image:: doc/images/Overview-1.png\n    :alt: Example view\n    :align: center\n\nWhat is SELKS\n=============\n\nSuricata\n--------\n\nSELKS is a showcase of what Suricata IDS/IPS/NSM can do and of the network protocol monitoring logs and alerts it produces. As such, all data in SELKS is generated by Suricata:\n\n.. image:: doc/images/Suricata-Generated-Eventsv2-source.webp\n    :alt: Suricata\n    :align: center\n\nThreat Hunting\n--------------\n\nThe use of Suricata data is further enhanced by Scirius, a threat hunting interface developed by Stamus. The interface is designed specifically for Suricata events and uses a drill-down approach with pivoting for quick exploration of alerts and NSM events. It includes predefined hunting filters and enhanced contextual views:\n\n.. image:: doc/images/Hunt-context-1.png\n    :alt: Stamus\n    :align: center\n\n.. image:: doc/images/Hunt-Context-2.png\n    :alt: Stamus\n    :align: center\n\nLogs\n----\n\nAn example subset (not complete) of raw JSON logs generated by Suricata `can be found here \u003chttps://github.com/StamusNetworks/SELKS/tree/master/doc/example-logs\u003e`_. 
\n\nInformation\n-----------\n\nIf you are new to Suricata, you can read a series of articles we wrote about `The other side of Suricata \u003chttps://www.stamus-networks.com/blog/the-other-side-of-suricata\u003e`_.\n\nDashboards\n----------\n\nSELKS ships by default with over 28 dashboards, more than 400 visualizations and 24 predefined searches.\n\nHere is an extract of the dashboards list: SN-ALERTS, SN-ALL, SN-ANOMALY, SN-DHCP, SN-DNS, SN-DNP3, SN-FILE-Transactions, SN-FLOW, SN-HTTP, SN-HUNT-1, SN-IDS, SN-IKEv2, SN-KRB5, SN-MQTT, SN-NFS, SN-OVERVIEW, SN-RDP, SN-RFB, SN-SANS-MTA-Training, SN-SIP, SN-SMB, SN-SMTP, SN-SNMP, SN-SSH, SN-STATS, SN-TLS, SN-VLAN, SN-TFTP, SN-TrafficID\n\nAdditional visualizations and dashboards are also available in the ``Events viewer`` (EveBox).\n\nGetting SELKS\n=============\n\nPrerequisites\n-------------\n\nThe minimal configuration for production usage is 2 cores and 9 Gb of memory. As Suricata\nand Elasticsearch are multithreaded, the more cores you have, the better.\nRegarding memory, the more traffic you monitor, the more extra memory will help.\n\nDocker\n------\n\nYou can spin up SELKS on any Linux or Windows OS in minutes via docker compose. See `Docker Installation \u003chttps://github.com/StamusNetworks/SELKS/wiki/Docker\u003e`_.\n\nISO\n---\n\nFor air-gapped environments or a full OS installation, see `SELKS ISO Setup \u003chttps://github.com/StamusNetworks/SELKS/wiki/Docker-ISO-setup\u003e`_.\n \nUsage and logon credentials\n===========================\n\nYou need to authenticate to access the web interface (see the ``HTTPS access`` section below). The default user/password is ``selks-user/selks-user`` (including through the Dashboards or Scirius desktop icons).\nYou can change credentials and user settings by using the top left menu in Scirius.  
\n\nFor the ISO users\n-----------------\n\nDefault OS user:\n\n* user: ``selks-user``\n* password: ``selks-user`` (password in Live mode is ``live``)\n\nThe default root password is ``StamusNetworks``\n\nHTTPS access\n============\n\nIf you wish to access the \ndashboards remotely (from a different PC on your network), you can do so as follows (in your browser):\n\n* https://your.selks.IP.here/ - Scirius ruleset management and a central point for all dashboards and EveBox\n\nYou need to authenticate to access the web interface. The default user/password is the\nsame as for local access: ``selks-user/selks-user``. Don't forget to change credentials at first\nlogin. You can do that by going to ``Account settings`` in the top left dropdown menu of\nScirius.\n\nGetting help\n============\n\nYou can get more information on the SELKS wiki: https://github.com/StamusNetworks/SELKS/wiki\n\nYou can get help about SELKS on our Discord channel https://discord.gg/h5mEdCewvn\n\nIf you encounter a problem, you can open a ticket on https://github.com/StamusNetworks/SELKS/issues\n\nEnterprise Scale Deployments\n============================\n\nWhile SELKS is suitable as a production network security solution in small to medium sized organizations and is a great system to test out the power of Suricata for intrusion detection and threat hunting, it was never designed to be deployed in an enterprise setting. For enterprise applications, please review our commercial solution, Stamus Security Platform (SSP).\n\nStamus Security Platform (Commercial Solution)\n==============================================\nStamus Security Platform (SSP) is the commercial network-based threat detection and response solution from Stamus Networks. 
While it retains much of the same look and feel as SELKS, SSP is a completely different system and requires a new software installation.\n\nAvailable in two license tiers, SSP delivers:\n\nBroad-Spectrum Threat Detection\n-------------------------------\n* Multiple detection mechanisms from machine learning, anomaly detection, and signatures\n* High-fidelity “Declarations of Compromise” with multi-stage attack timeline\n* Weekly threat intelligence updates from Stamus Labs\n\nGuided Threat Hunting and Incident Investigation\n------------------------------------------------\n* Advanced guided threat hunting filters\n* Host insights tracks over 60 security-related attributes\n* Easily convert hunt results into custom detection logic\n* Explainable and transparent results with evidence\n\nEnterprise Scale Management and Integration\n-------------------------------------------\n* Automated classification and alert triage\n* Management of multiple probes from a single console\n* Seamless integration with SOAR, SIEM, XDR, EDR, IR\n* Multi-tenant operation\n* Configuration backup and restoration\n\n\nMore Information about SSP\n==========================\n\nVisit `this page to request a demo of SSP \u003chttps://www.stamus-networks.com/demo\u003e`_\n\nTo learn more about the differences between SELKS and our commercial solutions, please read \"*Understanding SELKS and Stamus Commercial Platforms*\". `Download the white paper here. \u003chttps://www.stamus-networks.com/hubfs/Library/Documents%20(PDFs)/StamusNetworks-WP-SELKS-SSP-092021-1.pdf\u003e`_\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstamusnetworks%2Fselks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstamusnetworks%2Fselks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstamusnetworks%2Fselks/lists"}