Our team is excited to share the latest news and features of Slips, our behavior-based machine learning intrusion detection system.
Quick links:
Download Slips from our GitHub repository: https://github.com/stratosphereips/StratosphereLinuxIPS
Access Slips documentation through Read the Docs: https://stratospherelinuxips.readthedocs.io/en/develop/
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips features:
Add a new web interface
Detect incompatible certificate CNs
Detect downloads from pastebin with size > 0.012 MB
Detect DOS executable downloads from HTTP websites
Update the MAC vendor database automatically
Support using multiple home network parameters in slips.conf
Add a redis.conf for custom Redis configurations when running Slips
Improve port scan and ARP scan alerts
Improve ARPA scan alerts so they alert on unique domains
Add new methods to detect data upload
Add the option to close all Redis servers when Slips can't start because all ports are unavailable
Remove support for whitelisting organizations that Slips does not support
Better description of alerts exported to Slack
Faster Whitelists
Whitelist connections made by Slips itself, which were causing false positives
Change the unknown-port detection to consider only established connections
Change the -killall argument behaviour; it now supports closing a specific Redis port or all of them at once
More new features
We are constantly improving Slips, and a full list of changes in this last version is available in the Slips changelog. These are some of the new fixes that we have been working on:
Fix the exporting module
Fix the way threat intelligence (TI) files are updated
Fix false positive 'resolution without connection' alerts
Fix disabling alerts
Fix saving and loading the database
Fix running several slips instances
Fix stopping the daemon with -S
Fix how packets are calculated in port scan detections
Fix the 'multiple reconnection attempts' detection so it triggers on 5 or more rejected reconnection attempts to the same IP on the same destination port
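Two of the rules above state concrete thresholds: the pastebin download rule (size > 0.012 MB) and the corrected reconnection rule (5 or more rejected attempts to the same IP and destination port). The following is an added example, not Slips' own code: it recreates both rules in a self-contained form over constructed Zeek-style conn.log and http.log records, so you can see which flows trip them and which do not. The record field names, the decimal-megabyte assumption (1 MB = 1,000,000 bytes), the use of the Zeek conn_state "REJ" to mean "rejected", and all sample addresses are assumptions made for this illustration.

```python
"""Reimplementation, for illustration, of two Slips detection thresholds.

Added example, not Slips' own code. Field names, the decimal-megabyte
assumption and the sample records are constructed for this demonstration.
"""
from collections import Counter
from typing import NamedTuple


class ConnFlow(NamedTuple):
    """Minimal subset of a Zeek conn.log record (constructed field set)."""
    ts: float
    saddr: str
    daddr: str
    dport: int
    proto: str
    conn_state: str  # Zeek connection state, e.g. "REJ", "S0", "SF"


class HttpFlow(NamedTuple):
    """Minimal subset of a Zeek http.log record (constructed field set)."""
    ts: float
    saddr: str
    host: str
    uri: str
    resp_body_len: int  # bytes of response body received by the client


RECONNECT_THRESHOLD = 5      # from the release notes
PASTEBIN_MIN_MB = 0.012      # from the release notes
BYTES_PER_MB = 1_000_000     # assumption: decimal megabytes


def detect_multiple_reconnections(flows, threshold=RECONNECT_THRESHOLD):
    """Return {(saddr, daddr, dport): count} for keys with >= threshold rejected flows.

    Only rejected connections (conn_state "REJ") are counted, so a client
    that successfully talks to the same port many times is not flagged,
    and attempts to a different port on the same host are counted apart.
    """
    rejected = Counter(
        (f.saddr, f.daddr, f.dport) for f in flows if f.conn_state == "REJ"
    )
    return {key: n for key, n in rejected.items() if n >= threshold}


def is_pastebin_host(host):
    """Match pastebin.com and its subdomains, but not look-alikes such as notpastebin.com."""
    host = host.lower().rstrip(".")
    return host == "pastebin.com" or host.endswith(".pastebin.com")


def detect_pastebin_downloads(flows, min_mb=PASTEBIN_MIN_MB):
    """Return the HTTP flows that fetched more than min_mb from pastebin."""
    min_bytes = min_mb * BYTES_PER_MB
    return [
        f for f in flows
        if is_pastebin_host(f.host) and f.resp_body_len > min_bytes
    ]


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE_CONN = (
    # five rejected attempts from one client to one port: should alert
    [ConnFlow(1.0 + i, "10.0.0.5", "203.0.113.7", 4444, "tcp", "REJ") for i in range(5)]
    # one successful flow to the same port: must not count
    + [ConnFlow(10.0, "10.0.0.5", "203.0.113.7", 4444, "tcp", "SF")]
    # three rejections to a different port on the same host: below threshold
    + [ConnFlow(20.0 + i, "10.0.0.5", "203.0.113.7", 8080, "tcp", "REJ") for i in range(3)]
    # four rejections from another client: below threshold
    + [ConnFlow(30.0 + i, "10.0.0.9", "203.0.113.7", 4444, "tcp", "REJ") for i in range(4)]
)

SAMPLE_HTTP = [
    HttpFlow(100.0, "10.0.0.5", "pastebin.com", "/raw/CONSTRUCTED", 20_000),  # 0.02 MB: alert
    HttpFlow(101.0, "10.0.0.5", "pastebin.com", "/raw/CONSTRUCTED", 500),     # 0.0005 MB: no
    HttpFlow(102.0, "10.0.0.6", "example.org", "/big.bin", 50_000),           # not pastebin
    HttpFlow(103.0, "10.0.0.6", "notpastebin.com", "/raw/x", 50_000),         # look-alike host
]


def run_example():
    """Run both detectors over the constructed samples and return the findings."""
    return {
        "reconnections": detect_multiple_reconnections(SAMPLE_CONN),
        "pastebin": detect_pastebin_downloads(SAMPLE_HTTP),
    }


if __name__ == "__main__":
    for name, hits in run_example().items():
        print(name, hits)
```

The host check is deliberately a suffix match on the label boundary rather than a substring search: a substring test on "pastebin" would also fire on unrelated domains, which is exactly the kind of false positive the whitelist fixes in this release are meant to reduce.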
Check Our Slips Demo
Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.
And see the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html
Get in Touch
Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and issues are welcome in our repo.