New Slips version 0.9.5 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

  • Add a new web interface

  • Detect incompatible certificate CN

  • Detect downloads from pastebin with size > 0.012 MBs

  • Detect DOS executable downloads from HTTP websites

  • Update the MAC database automatically

  • Support using multiple home network parameters in slips.conf

  • Add redis.conf for special Redis configurations when running Slips

  • Improve portscan or ARP scan alerts

  • Improve ARPA scan alerts to alert on unique domains

  • Add new methods to detect data upload

  • Add the option to close all Redis servers when Slips can't start because all ports are unavailable

  • Remove support for whitelisting an org that is not supported by Slips

  • Better description of alerts exported to Slack

  • Faster whitelists

  • Whitelist connections made by Slips that were causing false positives

  • Change the unknown ports detections to detect only established connections

  • Change the -killall argument behaviour: it now supports closing a specific Redis port or all of them at once

More new features

We are constantly improving Slips, and a full list of changes in this last version is available in the Slips changelog. These are some of the new fixes that we have been working on:

  • Fix exporting module

  • Fix the way we update TI files

  • Fix false positive resolution without connection alerts

  • Fix disabling alerts

  • Fix saving and loading the database

  • Fix running several Slips instances

  • Fix stopping the daemon with -S

  • Fix how packets are calculated in port scan detections

  • Fix 'multiple reconnection attempts' detection to detect 5 or more rejected reconnection attempts to the same IP on the same destination port

Check Our Slips Demo 

Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.

And the analysis of several malicious PCAPs using Slips: 

Get in Touch

Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.

Article Link: New Slips version 0.9.5 is here! — Stratosphere IPS