Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Quick links:
Download Slips from our GitHub repository: https://github.com/stratosphereips/StratosphereLinuxIPS
Access Slips documentation through Read the Docs: https://stratospherelinuxips.readthedocs.io/en/develop/
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips capabilities:
Add support for local JA3 feeds
Improve CESNET Module
Update and improve whitelists
Improve alerts by adding the hostname to the alerts printed in the CLI and in alerts.log
Faster startup of Slips, now Threat Intelligence (TI) files are updated concurrently.
Add a Logstash configuration file to allow exporting slips alerts.
Add support for malicious SSL feeds.
Support blacklisting IP ranges taken from TI feeds.
profilerProcess optimizations.
Get device type, browser and OS info from user agents found in HTTP traffic.
Add "Blocked by Slips" comment to all iptables rules added by Slips
Improve whitelisting by updating organizations' domains.
Better documentation
Fix invalid JSON alerts in alerts.json
Fix problem stopping Slips.
Fix problem with Redis stopping on error writing to disk.
Fix false positive 'not valid yet' SSL alerts
Check Our Slips Demo
Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.
And the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html
Get in Touch
Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.
Article Link: New Slips version 0.8.4 is here! — Stratosphere IPS