Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips capabilities:
- Drop root privileges in modules that don't need them
- Added support for running Slips in the background as a daemon
- Fixed the issue of ever-growing Zeek logs by deleting old Zeek logs every day (optional, but enabled by default)
- Added support for running several instances of Slips at the same time
- Saving and loading the db in MacOS
- Fixed reading flows from stdin; it now supports Zeek, Argus and Suricata input
- Faster startup of Slips: the TI files are now updated in the background
More new features
We are constantly improving Slips, and a full list of changes in this last version is available in the Slips changelog.
These are some of the new cool features that we have been working on:
- Added slips.log, where all Slips logs go, in both daemon and interactive mode
- Automatic starting of redis servers (cache and main databases).
- Added a new TI file https://hole.cert.pl/domains/domains.json
- Updated the docs and added instructions for contributing and for creating a new module
Check Our Slips Demo
Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.
And the analysis of several malicious PCAPs using Slips:
Detailed explanation on how to contribute and create a new module:
Get in Touch
Feel free to join our Discord server to ask questions, suggest new features or give us feedback. PRs and issues are welcome in our repo.
Article Link: New Slips version 0.9.1 is here! — Stratosphere IPS