New Slips version 0.8.4 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips capabilities:

  • Add support for local JA3 feeds

  • Improve CESNET Module

  • Update and improve whitelists

  • Improve alerts by adding the hostname to the alerts printed in the CLI and in alerts.log

  • Faster startup of Slips: Threat Intelligence (TI) files are now updated concurrently.

  • Add a Logstash configuration file to allow exporting Slips alerts.

  • Add support for malicious SSL feeds.

  • Support blacklisting IP ranges taken from TI feeds.

  • profilerProcess optimizations.

  • Get device type, browser and OS info from user agents found in HTTP traffic.

  • Add "Blocked by Slips" comment to all iptables rules added by Slips

  • Improve whitelisting by updating organizations' domains.

  • Better documentation

  • Fix invalid JSON alerts in alerts.json

  • Fix problem stopping Slips.

  • Fix problem with Redis stopping on error writing to disk.

  • Fix false positive 'not valid yet' SSL alerts

Check Our Slips Demo 

Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.


See also the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html

Get in Touch

Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.