New Slips version v1.0.12 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 


What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

- Add an option to specify the current client IP in slips.conf to help avoid false positives.

- Better handling of URLhaus threat intelligence.

- Change how Slips determines the local network of the current client IP.

- Fix issues with the progress bar.

- Fix problem logging alerts and errors to alerts.log and errors.log.

- Fix problem reporting evidence to other peers.

- Fix problem starting the web interface.

- Fix whitelists.

- Improve how the evidence for young domain detections is set. 

- Remove the description of blacklisted IPs from the evidence description and add the source TI feed instead.

- Set evidence to all young domain IPs when a connection to a young domain is found.

- Set two pieces of evidence in some detections, e.g. when the source address connects to a blacklisted IP, evidence is set for both.

- Use blacklist name instead of IP description in all evidence. 

- Use the latest Redis and NodeJS versions in all Docker images.


Check the full list of changes on our release page: https://github.com/stratosphereips/StratosphereLinuxIPS/releases/tag/v1.0.12

Learn more!

Wondering what Slips is capable of? Check out these demo presentations:

How to contribute

For those interested in contributing to Slips:

Get in Touch

Feel free to join our Discord server to ask questions, suggest new features, or give us feedback. PRs and issues are welcome in our repo.