New Slips version 0.9.5 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

  • Add a new web interface

  • Detect incompatible certificate CN

  • Detect downloads from Pastebin with size > 0.012 MB

  • Detect DOS executable downloads from HTTP websites

  • Update the MAC database automatically

  • Support using multiple home network parameters in slips.conf

  • Add redis.conf for special Redis configurations when running Slips

  • Improve portscan or ARP scan alerts

  • Improve ARPA scan alerts to alert on unique domains

  • Add new methods to detect data upload

  • Add the option to close all Redis servers when Slips can't start because all ports are unavailable

  • Remove support for whitelisting an org that Slips does not support

  • Better description of alerts exported to Slack

  • Faster whitelists

  • Whitelist connections made by Slips itself that were causing false positives

  • Change the unknown ports detections to detect only established connections

  • Change the behaviour of the -killall argument: it now supports closing a specific Redis port or all of them at once

More new features

We are constantly improving Slips, and a full list of changes in this latest version is available in the Slips changelog. These are some of the fixes that we have been working on:


  • Fix the exporting module

  • Fix the way we update TI files

  • Fix false positive 'resolution without connection' alerts

  • Fix disabling alerts

  • Fix saving and loading the database

  • Fix running several Slips instances

  • Fix stopping the daemon with -S

  • Fix how packets are calculated in port scan detections

  • Fix the 'multiple reconnection attempts' detection to detect 5 or more rejected reconnection attempts to the same IP on the same destination port

Check Our Slips Demo 

Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.

https://www.youtube.com/watch?v=1KqwlxVuf48

And the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html 

Get in Touch

Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.



Article Link: New Slips version 0.9.5 is here! — Stratosphere IPS