Our Blog

Stamus Networks is proud to announce the availability of Scirius 1.0. This is the first stable release of our web interface for Suricata ruleset management. It is providing an efficient way to manage and update the ruleset.

Scirius is displaying some graphics that will help you to get an idea of the activity of your Suricata probe and easily select rules that may be noisy and need to be deactivated:
Screenshot from 2015-04-20 22:07:08

But the main focus is on ruleset handling. You can for example follow the change of a signature source:

Screenshot from 2015-04-20 22:05:36

Scirius is not meant to replace a good dashboard interface, so it is providing a link to Kibana dashboard:
Screenshot from 2015-04-20 22:38:48

Scirius also allows you to search inside its database to find the elements you are looking for:

Screenshot from 2015-04-20 22:06:06

Scirius is able to handle multiple sources. So you can mixed local rules and rules download from outside sources such as Emerging Threats or SSLBL from abuse.ch:
Screenshot from 2015-04-20 22:05:52

Scirius is fetching activity information from Elasticsearch and it is now even able to display some interesting information about the state of your cluster
Screenshot from 2015-04-20 22:06:51

Scirius 1.0 is part of SELKS our live and installable Suricata NSM/IDS distribution. Happy SELKS can upgrade to scirius 1.0 via a simple apt-get update && apt-get upgrade. Other users can simply grab the release from Github.

The development will now focus on getting Scirius ready to handle IPS. So the changes will mostly be about rules transformation and the main features of Scirius should stay alike.