SELKS 10 Intrusion Detection Distribution Released

Stamus Networks has announced the release of SELKS 10, a distribution designed for deploying network intrusion detection and prevention systems, organizing the response to identified threats, and monitoring network security. The ready-to-use system lets users start managing network security immediately after booting. SELKS 10 supports running in Live mode and can also be run in a virtual machine or in containers. The project is distributed under the GPLv3 license. Two ISO images are available for download: one with the Xfce graphical environment (3.5 GB) and one for console mode (2.7 GB).

The distribution is built on the Debian package base and uses the open source Suricata intrusion detection system. Event data is processed by Logstash and stored in Elasticsearch. An interface built on Kibana is used to track the current state and the incidents detected. The Stamus CE web interface provides rule management and visualization of related activity. The distribution also includes Arkime, a system for capturing, storing and indexing network packets, the EveBox interface for event review, and the CyberChef data analysis tool.
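The event stream at the centre of this pipeline is Suricata's newline-delimited EVE JSON, which Logstash ingests and EveBox displays. As an added illustration (not code from SELKS or Stamus Networks), the script below parses a constructed sample of that format, skips the malformed lines that appear in real rotated logs, and groups alerts by signature and source host, the same triage view the Kibana and EveBox front ends build on:

```python
"""Minimal triage of Suricata EVE JSON, the event stream that SELKS feeds
through Logstash into Elasticsearch. Added example; the log lines below are
constructed and are not taken from a real SELKS deployment."""
import json

# Constructed sample of Suricata's newline-delimited EVE JSON output.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.9","dest_port":80,"proto":"TCP","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"example.com"}}
{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}
{"timestamp":"2024-05-01T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.8","dest_ip":"198.51.100.2","dest_port":22,"proto":"TCP","alert":{"signature_id":2001219,"signature":"ET SCAN Potential SSH Scan","severity":2}}
not json at all
"""


def parse_eve(text):
    """Yield parsed EVE records, skipping blank or malformed lines
    (a truncated line at log rotation is a common real-world case)."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def summarize_alerts(text):
    """Count alert events per signature id and collect the source hosts
    involved, ignoring non-alert event types (dns, http, flow, ...)."""
    per_sig = {}
    for ev in parse_eve(text):
        if ev.get("event_type") != "alert":
            continue
        a = ev["alert"]
        entry = per_sig.setdefault(a["signature_id"], {
            "signature": a["signature"], "severity": a["severity"],
            "count": 0, "src_ips": set()})
        entry["count"] += 1
        entry["src_ips"].add(ev["src_ip"])
    return per_sig


if __name__ == "__main__":
    # Highest severity (lowest number) first, then most frequent.
    ranked = sorted(summarize_alerts(SAMPLE_EVE).items(),
                    key=lambda kv: (kv[1]["severity"], -kv[1]["count"]))
    for sid, e in ranked:
        print(f"sev={e['severity']} sid={sid} n={e['count']} "
              f"hosts={sorted(e['src_ips'])} {e['signature']}")
```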

One of the main features of SELKS 10 is the transfer of additional capabilities from the commercial Stamus Security Platform (SSP), which is developed in parallel, to the user interface. The web interface has been reworked to simplify operation and to present information on threat discovery, suspicious-activity detection and evidence analysis.

Sources: release notes and official announcement.