New Slips version 0.8.4 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips capabilities:

  • Add support for local JA3 feeds

  • Improve CESNET Module

  • Update and improve whitelists

  • Improve alerts by adding the hostname to the alerts printed in the CLI and in alerts.log

  • Faster startup of Slips: Threat Intelligence (TI) files are now updated concurrently.

  • Add a Logstash configuration file to allow exporting Slips alerts.

  • Add support for malicious SSL feeds.

  • Support blacklisting IP ranges taken from TI feeds.

  • profilerProcess optimizations.

  • Get device type, browser and OS info from user agents found in HTTP traffic.

  • Add "Blocked by Slips" comment to all iptables rules added by Slips

  • Improve whitelisting by updating organizations' domains.

  • Better documentation

  • Fix invalid JSON alerts in alerts.json

  • Fix problem stopping Slips.

  • Fix problem with Redis stopping on error writing to disk.

  • Fix false positive 'not valid yet' SSL alerts

Check Our Slips Demo 

Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.


And the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html 

Get in Touch

Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.

Article Link: New Slips version 0.8.4 is here! — Stratosphere IPS