New Slips version 1.0.2 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

  • Add a blocking indicator in alerts.json

  • Add a progress bar to Slips showing the number of processed flows

  • Add a Zeek script to recognize the gateway IP and add it to notice.log

  • Add the option to display all evidence in a profile

  • Add the option to view blocked profiles only in the web interface

  • Add the uids that caused evidence to the evidence description in alerts.json

  • Code optimizations

  • Don't alert "Connection to Private IP" when there's a DNS connection on port 53 UDP to the gateway

  • Faster reading of NetFlow and Suricata files

  • Kill web interface on Ctrl+C

  • Support ASNs in our own_malicious_iocs.csv file

  • Update slips default whitelist

  • Use the current user's timezone in alerts.log and alerts.json

More new features

We are constantly improving Slips, and a full list of changes in this latest version is available in the Slips changelog. These are some of the fixes that we have been working on:


  • Fix caching ASN ranges

  • Fix displaying alerts of a profile in the web interface

  • Fix error parsing AIP TI list

  • Fix having duplicate alerts

  • Fix problem displaying data from the DB in the web interface 

  • Fix searching in the web interface

  • Fix vertical and horizontal portscan errors

  • Fix wrong Source/Target type in alerts.json


Check Our Slips Demo 

Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.

You can also read the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html

Get in Touch

Feel free to join our Discord server to ask questions, suggest new features, or give us feedback. PRs and issues are welcome in our repo.