Clear NDR 1.0 Released: A Distribution for Building Intrusion Detection Systems

Stamus Networks has announced the release of Clear NDR 1.0, a specialized distribution for deploying network intrusion detection and prevention systems and for responding to the threats they identify. The distribution provides a ready-made network security monitoring solution that can be used immediately after download. Clear NDR 1.0 supports Live mode operation and can be run in virtualization environments or containers. The project's work is distributed under the GPLv3 license. The boot image size is 3.9 GB.

The distribution is based on the Debian package base and uses the Suricata intrusion detection system. Data from the various sources is stored in OpenSearch, and an interface built on Kibana is provided for tracking the system's state and identified incidents. The Stamus web interface is used for managing rules and visualizing the activity associated with them. Other components include Arkime for network packet capture, storage, and indexing, EveBox for event evaluation, and Fluentd for data collection.

Previously known as SELKS, the distribution was renamed Clear NDR due to its readiness for use in small and medium enterprises. Two versions are now available: Community and Enterprise. The Enterprise version adds integration with machine learning systems, expanded traffic classification capabilities, integration with third-party threat response systems, daily updates of intrusion detection rules, and technical support services.

The main changes in Clear NDR include:
