New Slips version v1.1.7 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 


What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

- Add global P2P support. Thanks to @d-strat.

- Add new "GRE tunnel scan" detections.

- Add the option to enable/disable local and online whitelists from slips.yaml.

- Fix false positive "Connection to a private IP outside of local network" detection. Slips no longer alerts on DNS servers outside of the local network.

- Fix false positive "Connection to a private IP" detection when the connection is DHCP.

- Fix false positive "Device changing IP" detection alerting about special IPs.

- Fix false positive "Invalid DNS answer" detection alerting about .arpa domains.

- Fix false positive "non-HTTP established connection on port 80".

- Fix false positive "non-SSL established connection on port 443".

- Improve "Connection to unknown port" detections. Now the threat level depends on the flow state.

- Improve "DNS without connection" evidence. Slips now only detects when the query type is A or AAAA.

- Improve the description of malicious flows by the MLflowdetection module.

- Improve the detections of the MLflowdetection module.

- Improve the existing "GRE tunnel" detections.

- Improve whitelists: Slips is now whitelisting CNAME, SNI, related queries, and DNS resolutions of attackers and victims.


Check the full list of changes on our release page: https://github.com/stratosphereips/StratosphereLinuxIPS/releases/tag/v1.1.7

Learn more!

Wondering what Slips is capable of? Check out these demo presentations:

How to contribute

For those interested in contributing to Slips:

Get in Touch

Feel free to join our Discord server to ask questions, suggest new features, or give us feedback. PRs and issues are welcome in our repo.