This is Afshin Lamei's blog, representing some thoughts on Information Security and the Internet of Things.
Wednesday, January 29, 2020
Features of SELKS IDS
SELKS is an open-source platform which provides the Suricata IDS together with tools to manage rules, alerts, flows, etc. I had worked with earlier versions of SELKS, and now I'm really surprised to see the enhancements made in the latest version. Here are some of the changes:
1- SELKS comes with hundreds of pre-built visualization objects and dashboards. You can use those objects, or create new ones, to modify the existing dashboards or build new ones.
2- The administration interface for SELKS components - from basic components such as Elasticsearch to individual Suricata rules - has been enhanced extensively.
3- You can use EveBox to analyze individual or groups of alerts, escalate them for further analysis, comment on alerts, etc.
4- For an open-source tool, the level of integration between the SELKS components is interesting.
5- Most of the outputs, from high-level visualizations down to raw alerts, can be filtered on multiple kinds of fields through the web interface.
6- You can manage and customize individual Suricata IDS rules easily in the web interface.
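To show what the filtering in item 5 operates on underneath, here is an added example (my own code, not part of SELKS, Suricata or EveBox) that applies the same kind of multi-field filter directly to Suricata's EVE JSON output, which is what SELKS indexes in Elasticsearch. The sample records, addresses and rule IDs are constructed for illustration; only the field names follow the real EVE alert schema.

```python
"""Filter Suricata EVE JSON events on several fields at once.

Added example; not SELKS or Suricata code. Mirrors the multi-field
filtering SELKS offers in its web interface, applied to raw eve.json lines.
"""
import json
from collections import Counter

# Constructed sample of EVE JSON lines. Field names follow the EVE alert
# schema; IPs and signature IDs (local 1000000+ range) are made up.
SAMPLE_EVE = """
{"timestamp":"2020-01-29T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"signature_id":1000001,"signature":"LOCAL WEB suspicious response","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2020-01-29T10:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","dest_port":443,"proto":"TCP"}
{"timestamp":"2020-01-29T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"192.0.2.20","dest_port":22,"proto":"TCP","alert":{"signature_id":1000002,"signature":"LOCAL SCAN SSH probe","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2020-01-29T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.20","dest_port":22,"proto":"TCP","alert":{"signature_id":1000002,"signature":"LOCAL SCAN SSH probe","category":"Attempted Information Leak","severity":2}}
"""


def parse_eve(text):
    """Yield one dict per non-empty EVE JSON line; malformed lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def get_field(event, dotted):
    """Resolve a dotted path such as 'alert.signature_id'; None if absent."""
    cur = event
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def filter_events(events, **criteria):
    """Keep events matching every criterion (AND). Use '__' for '.' in
    nested paths, e.g. alert__signature_id=1000002."""
    wanted = {k.replace("__", "."): v for k, v in criteria.items()}
    return [e for e in events
            if all(get_field(e, f) == v for f, v in wanted.items())]


def count_by_signature(alerts):
    """Aggregate alerts by (signature_id, signature), like a dashboard panel."""
    return Counter((a["alert"]["signature_id"], a["alert"]["signature"])
                   for a in alerts)
```

Running `count_by_signature(filter_events(list(parse_eve(SAMPLE_EVE)), event_type="alert"))` groups the constructed alerts by rule, the same view a signature-count panel would give.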
SELKS is highly recommended if you do not have an IDS sensor in your network.