Suricata IPS example
In this example, we'll use SELKS from Stamus Networks (https://www.stamus-networks.com/selks). The SELKS name reflects its major components: Suricata, Elasticsearch, Logstash, Kibana, and Stamus Scirius Community Edition. This is packaged on Debian Linux, so things should look familiar if you've been following along in this book, as Ubuntu is rooted in the Debian "parent" distribution.
SELKS has a live option and an install option. The live option runs the entire solution off the ISO image. This is handy for small labs or for quickly evaluating the tool, and you may choose to go this way in this chapter. In production, however, you'll want to work with an image installed on real disk (preferably on an SSD or another fast storage option).
The installation guide for SELKS is located here: https://github.com/StamusNetworks/SELKS/wiki/First-time-setup. As this does change fairly frequently, we won't do an actual installation in this...