New Slips version v1.0.15 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

- Add a parameter to export strato letters for re-training the RNN model.

- Better organization of the flowalerts module by splitting it into several specialized files.

- Better unit tests, thanks to @Sekhar-Kumar-Dash.

- Disable "Connection without DNS resolution" evidence for connections to DNS servers.

- Fix displaying "Failed" as the protocol name in the web interface when reading Suricata flows.

- Fix reversed source and destination addresses in the JA3 evidence description.

- Improve CI by using more parallelization.

- Improve non-SSL and non-HTTP detections by making sure that the sum of bytes sent and received is zero.

- Improve the RNN evidence description: it is now clearer which IP is the botnet and which is the C&C server.

- Improve some threat levels of evidence to reduce false positives.

- Improve whitelists: better matching, more domains added, fewer false positives.

- More minimal Slips notifications: Slips now displays the alert description instead of all the evidence in the alert.

- The port of the web interface is now configurable in slips.conf.

Check the full list of changes on our release page: https://github.com/stratosphereips/StratosphereLinuxIPS/releases/tag/v1.0.15

Learn more!

Wondering what Slips is capable of? Check out these demo presentations:

How to contribute

For those interested in contributing to Slips:

Get in Touch

Feel free to join our Discord server to ask questions, suggest new features or give us feedback. PRs and issues are welcome in our repo.