New Slips version 0.8.5 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips capabilities:

  • Detect young domains that were registered less than 60 days ago.

  • Detect bad SMTP logins

  • Detect SMTP bruteforce

  • Detect DNS ARPA scans

  • Update our list of ports used by specific organizations to minimize false positive 'unknown destination port' alerts

  • Add support for Russia-Ukraine IoCs

  • Detect incompatible user agents by comparing MAC vendors with the user agents found in HTTP traffic.

  • Detect the use of multiple user agents, for example Linux UA, then Apple UA, then MAC UA.
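As an added example (not Slips' own code), the MAC-vendor versus User-Agent check and the multiple-user-agent check from the list above, run over constructed sample HTTP flows; the OUI table, the User-Agent patterns and the flow tuples are assumptions made for the illustration:

```python
import re
from collections import defaultdict

# Constructed OUI-prefix -> vendor table (first three octets); a real
# deployment uses a full OUI database, these two entries are illustrative.
OUI_VENDORS = {"3C:22:FB": "Apple, Inc.", "00:50:56": "VMware, Inc."}

# OS family implied by a User-Agent. Order matters: an Android UA also
# contains "Linux", so Android is matched before Linux.
UA_OS_PATTERNS = [
    ("Windows", re.compile(r"Windows NT")),
    ("iOS", re.compile(r"iPhone|iPad")),
    ("macOS", re.compile(r"Macintosh|Mac OS X")),
    ("Android", re.compile(r"Android")),
    ("Linux", re.compile(r"\bLinux\b")),
]
APPLE_FAMILIES = {"macOS", "iOS"}

# Constructed sample HTTP flows: (source IP, source MAC, User-Agent header).
SAMPLE_FLOWS = [
    ("10.0.0.7", "3c:22:fb:11:22:33", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/104.0"),
    ("10.0.0.9", "00:50:56:de:ad:00", "Mozilla/5.0 (X11; Linux x86_64) Firefox/103.0"),
    ("10.0.0.9", "00:50:56:de:ad:00", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15"),
    ("10.0.0.9", "00:50:56:de:ad:00", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edge/104.0"),
]

def ua_os_family(user_agent):
    """OS family named in a User-Agent string, or None if unrecognised."""
    for family, pattern in UA_OS_PATTERNS:
        if pattern.search(user_agent):
            return family
    return None

def incompatible_ua(mac, user_agent):
    """True when the MAC vendor and the UA's OS family disagree (Apple hardware
    with a non-Apple UA, or the reverse). Unknown vendors or UAs are never
    flagged, to limit false positives; a VM on a Mac still trips this heuristic."""
    vendor, family = OUI_VENDORS.get(mac.upper()[:8]), ua_os_family(user_agent)
    if vendor is None or family is None:
        return False
    return vendor.startswith("Apple") != (family in APPLE_FAMILIES)

def hosts_with_multiple_ua_families(flows):
    """Source IPs whose HTTP traffic shows more than one OS family, mapped to
    the families seen, e.g. a Linux UA, then an Apple UA, then a Windows UA."""
    seen = defaultdict(set)
    for src_ip, _mac, ua in flows:
        family = ua_os_family(ua)
        if family:
            seen[src_ip].add(family)
    return {ip: sorted(fams) for ip, fams in seen.items() if len(fams) > 1}
```

On the sample flows, 10.0.0.7 (Apple OUI, Windows UA) and the macOS flow from 10.0.0.9 (VMware OUI) are flagged as incompatible, and 10.0.0.9 is reported for using three OS families.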

More new features

We are constantly improving Slips, and a full list of changes in this last version is available in the Slips changelog. These are some of the new cool features that we have been working on:

  • The default time to wait before alerting on DNS without resolution is now 30 minutes

  • The time to wait for DNS without resolution now applies in interface capture mode and when reading any file

  • Detect ICMP timestamp scans, address scans and address mask scans

  • Support deleting large log files (arp.log) in case the user doesn't want a copy of the log files after Slips is done

  • Update our offline MAC vendor database and add support for getting unknown vendors from an online database

  • Add a Zeek script to recognize DoH flows for a more real-time experience while using Slips

  • Change the structure of Slips files by splitting large modules into smaller files.

  • Reduce false positives by disabling 'connections without DNS' alerts for connections to a well-known organization

  • Update the list of our special organization ports

  • Document all the internet connections made by Slips

  • Add errors.log to the output/ dir to log errors encountered by Slips.

  • Fix install.sh

  • Fix 'multiple reconnection attempts' alerts

  • Fix false positive 'Multiple reconnection attempts' alerts

Check Our Slips Demo

Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.

https://www.youtube.com/watch?v=1KqwlxVuf48

You can also see the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html

Get in Touch

Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and issues are welcome in our repo.