New Slips version v1.1.5 is here!

Our team is excited to share the latest news and features of Slips, our behavior-based, machine-learning intrusion detection system.



What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

- 200x speedup of domain lookups in the threat intelligence module.

- Add a threat level and confidence to each alert.

- Add evidence for CN and hostname mismatch in SSL flows.

- Add multiple telnet reconnection attempts detection.

- Add support for IP ranges as the client_ip in slips.yaml.

- Alert "invalid DNS answer" on all private DNS answers.

- Don't alert "high entropy TXT answers" for flows from multicast IPs.

- Fix multiple reconnection attempts detection.

- Fix a problem downloading the latest MAC database from macvendors.com.

- Improve the detection of the Gateway IP and MAC when running on files and PCAPs.

- Improve unit tests. Special thanks to @Sekhar-Kumar-Dash.

- Split the "connection to/from blacklisted IPs" detection into two different evidence types with different threat levels.

- Update Slips internal list of Apple known ports.


Check the full list of changes in our release page: https://github.com/stratosphereips/StratosphereLinuxIPS/releases/tag/v1.1.5

Learn more!

Wondering what Slips is capable of? Check out these demo presentations:

How to contribute

For those interested in contributing to Slips:

Get in Touch

Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.