Our team is excited to share the latest news and features of Slips, our behavior-based, machine-learning intrusion detection system.
Quick links:
Download Slips from our GitHub repository: https://github.com/stratosphereips/StratosphereLinuxIPS
Access Slips documentation through Read the Docs: https://stratospherelinuxips.readthedocs.io/en/develop/
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips features:
Run multiple Slips instances on demand with the -m flag; Redis port 6379 is now used by default.
Fix false-positive 'DNS resolution without connection' alerts
Faster Slips with reduced memory and CPU consumption
Better 'unknown port' detection
Faster reading of local TI (threat intelligence) files
Fix Docker not working on macOS
Fix a problem generating the data-upload alerts
Improved contributing guidelines
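To make the 'DNS resolution without connection' alert concrete, the following is an added illustration of what such a check does and where its false positives come from; it is example code written for this post, not Slips's own detection code. It runs over constructed Zeek-style dns.log/conn.log records (not real traffic), and the 60-second window, the evaluation time (now) and the whitelist of domains the analyzer itself contacts are assumed values.

```python
"""Illustrative 'DNS resolution without connection' check.

Added example, not Slips's own code. A host resolved a name but never
connected to any of the answered IPs within a window: that is suspicious
(resolution by malware probing C2 names, DNS tunnelling, ...), but naive
versions alert too early, ignore multi-answer replies, or flag the
analyzer's own lookups. This version handles all three.
"""
from collections import defaultdict

# Constructed sample records (not real traffic).
DNS_LOG = [
    # (ts, src_ip, query, answered IPs)
    (100.0, "10.0.0.5", "update.example.com", ["93.184.216.34"]),
    (105.0, "10.0.0.5", "cdn.example.net", ["203.0.113.10", "203.0.113.11"]),
    (110.0, "10.0.0.5", "beacon.example.org", ["198.51.100.7"]),
    (120.0, "10.0.0.5", "www.virustotal.com", ["74.125.34.46"]),
]
CONN_LOG = [
    # (ts, src_ip, dst_ip)
    (101.5, "10.0.0.5", "93.184.216.34"),   # follows the first lookup
    (107.0, "10.0.0.5", "203.0.113.11"),    # second answer of a multi-answer reply
    (300.0, "10.0.0.5", "198.51.100.7"),    # far too late for the window
]

WINDOW = 60.0  # seconds a connection may lag its resolution (assumed value)
# Domains the analyzer itself queries; lookups for them are never alerts.
SELF_WHITELIST = {"www.virustotal.com", "api.macvendors.com"}  # assumed list


def find_unused_resolutions(dns_log, conn_log, now, window=WINDOW,
                            whitelist=SELF_WHITELIST):
    """Return (ts, src, query) for resolutions whose window has fully
    elapsed by `now` and that were not followed by a connection from the
    same host to any answered IP within `window` seconds.

    Resolutions whose window is still open are skipped, not alerted:
    alerting before the window closes is the classic false positive.
    """
    # Index connections by (src, dst) so each lookup is a cheap probe.
    conns = defaultdict(list)
    for ts, src, dst in conn_log:
        conns[(src, dst)].append(ts)

    alerts = []
    for ts, src, query, answers in dns_log:
        if query in whitelist:
            continue                      # analyzer's own traffic
        if ts + window > now:
            continue                      # still pending, decide later
        used = any(
            ts <= cts <= ts + window
            for ip in answers             # any answered IP counts
            for cts in conns.get((src, ip), [])
        )
        if not used:
            alerts.append((ts, src, query))
    return alerts


if __name__ == "__main__":
    for alert in find_unused_resolutions(DNS_LOG, CONN_LOG, now=200.0):
        print("DNS resolution without connection:", alert)
```

With now=200.0 only beacon.example.org is reported: the first lookup was followed by a connection, the second was used through its second answer, and the virustotal.com lookup is whitelisted as the analyzer's own traffic. Evaluating the same logs at now=130.0 reports nothing, because no window has closed yet.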
More new features
We are constantly improving Slips, and the full list of changes in this version is available in the Slips changelog. These are some of the other new features we have been working on:
Update the Microsoft IP ranges used for whitelisting
Fix a problem stopping the input process when Slips stops
Update the location of the GeoIP databases used by Zeek, for better Zeek detections
Fix the P2P output directory; it is now the same directory as alerts.log and slips.log
Update our use of the macvendors.com API
Whitelist the connections made by Slips itself, so you are no longer alerted when Slips queries virustotal.com or macvendors.com
Check Our Slips Demo
Get a quick overview of what Slips is and what it can do in this demo presented at the LCN conference in 2021:
https://www.youtube.com/watch?v=1KqwlxVuf48
And see the analysis of several malicious PCAPs with Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html
Get in Touch
Feel free to join our Discord server to ask questions, suggest new features or give us feedback. PRs and issues are welcome in our repo.