Home

Welcome to the SELKS wiki!

User documentation

Initial Setup

SELKS on Docker

• Docker: Install on any Linux OS (like Debian/CentOS/RedHat/Ubuntu) by using Docker and Docker Compose. Needs internet access.

Docker ISO

• Docker ISO setup: Install an ISO as bare metal or as a VM. Suitable in air gaped environments.

Developer documentation

• Building SELKS
• Customizing SELKS

Getting Help

• Help

Tutorials

• Use SELKS to solve the Unit 42 Wireshark Quiz
• The Hidden Value of Suricata Detection Events: NSM-Enriched IDS Alerts
• Unlocking the Secrets of Forensic Investigations: Solving the SANS Forensic Quiz using SELKS
• Webinar - Hunting Threats That Use Encrypted Network Traffic with Suricata
• Webinar - Threat Hunting with Suricata
• The Other Side of Suricata
• Suricata Myth Busting: Alerts and NSM
• Grafana Dashboards for SELKS
• Spin up a Complete Suricata Network Security Platform in Under 2 Minutes

Splunk

• SELKS Splunk App
• Stamus Networks Splunk App

Papers

SANS Institute InfoSec Reading Room - Continuous Monitoring: Build A World Class Monitoring System for Enterprise, Small Office, or Home.

Older documentation

• Documentation for SELKS6