Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Quick links:
Download Slips from our GitHub repository: https://github.com/stratosphereips/StratosphereLinuxIPS
Access Slips documentation through Read the Docs: https://stratospherelinuxips.readthedocs.io/en/develop/
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips features:
3x speedup of the profiler process responsible for analyzing the given flows.
Fix false positive "connection without DNS" detection.
Fix false positive "DNS without connection" detection.
Fix problem parsing Suricata DNS flows.
Fix a problem where threat intelligence feeds were loaded from the cache even when they were not present in the given config file.
Fix regex warning when starting Slips. Special thanks to @Sekhar-Kumar-Dash.
Fix Tranco whitelists.
Improve "Incompatible CN" detection.
Improve "Invalid DNS answer" detection.
Improve unit tests. Special thanks to @Sekhar-Kumar-Dash.
Improve whitelisting by checking whether the SNI of each piece of evidence is whitelisted.
Update the license used.
Check the full list of changes on our release page: https://github.com/stratosphereips/StratosphereLinuxIPS/releases/tag/v1.1.6
Learn more!
Wondering what Slips is capable of? Check out these demo presentations:
LCN conference in 2021: https://youtu.be/1KqwlxVuf48
BlackHat USA Arsenal 2022: https://youtu.be/dJuTmi2bJcI
How to contribute
For those interested in contributing to Slips:
https://stratospherelinuxips.readthedocs.io/en/develop/contributing.html
https://www.stratosphereips.org/blog/2022/6/6/writing-a-slips-module
https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html
Get in Touch
Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcome in our repo.