SELKS 7

21 April 2022

SELKS

SELKS is a Debian-based Linux distribution produced by Stamus Networks and specialised in network security management. It provides a complete, ready-to-use Suricata IDS/IPS ecosystem, together with Kibana for IDS/NSM work and Scirius.

Version 3.7

This release includes (release notes quoted in English):

  • Docker package. In addition to pre-packaged Debian Linux-based ISO images, SELKS is now available as a Docker Compose package that allows SELKS to be installed on virtually any Linux or Windows system, without requiring a heavy installation process. The Docker-based architecture also makes it faster and easier to deploy a new SELKS machine with specific versions of each component.
  • Fully automated PCAP replay. Allows SELKS to ingest and replay PCAP directly, allowing for fast, detailed analysis in training or educational applications.
  • Improved threat hunting filter sets. Thirty-eight (38) new or updated ready-to-use threat hunting filters that help the user quickly search the Suricata alert and NSM data for shadow IT, policy violations, and suspicious activity.
  • Integrated CyberChef. Allows the user to apply CyberChef encoding, decoding, and data analysis to the events, protocol transactions, and flow records created by Suricata.
  • Additional Kibana dashboards. Six (6) new dashboards for improved network visibility and hunting, with new support for the following protocols: SNMP, RDP, SIP, HTTP2, RFB, GENEVE, MQTT, and DCERPC. In addition, there is a new dashboard to help those working to solve SANS Institute challenges.

Resources

The distribution can be downloaded from:

The distribution's website is: https://www.stamus-networks.com/open-source/#selks

Screenshot

[Screenshot: SELKS 1.0]

Conclusions

This is a major release.
