SELKS
SELKS is a Debian-based Linux distribution produced by Stamus Networks and specialized in network security management. It provides a complete, ready-to-use Suricata IDS/IPS ecosystem, together with Kibana for IDS/NSM and Scirius.
Version 3.7
This release contains:
- Docker package. In addition to pre-packaged Debian Linux-based ISO images, SELKS is now available as a Docker Compose package that allows SELKS to be installed on virtually any Linux or Windows system, without requiring a heavy installation process. And the docker-based architecture makes it faster and easier to deploy a new SELKS machine with specific versions of each component.
- Fully automated PCAP replay. Allows SELKS to ingest and replay PCAP directly, allowing for fast detailed analysis in training or educational applications.
- Improved threat hunting filter sets. Thirty-eight (38) new or updated ready-to-use threat hunting filters that help the user quickly search the Suricata alert and NSM data for shadow IT, policy violations, and suspicious activity.
- Integrated Cyberchef. Allows the user to apply Cyberchef encoding, decoding, and data analysis to the events, protocol transactions, and flow records created by Suricata.
- Additional Kibana dashboards. Six (6) new dashboards for improved network visibility and hunting with new support for the following protocols: SNMP, RDP, SIP, HTTP2, RFB, GENEVE, MQTT, and DCERPC. In addition, there is a new dashboard to help those working to solve SANS Institute challenges.
Resources
The distribution can be downloaded from:
The distribution's website is: https://www.stamus-networks.com/open-source/#selks
Screenshot
Conclusions
This is a major release.
21 April 2022