New Slips version 1.0.0 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 

Quick links:

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

  • Add -g option for running slips on growing zeek dirs. (for example dirs generated by zeek running on an interface)

  • Add a new log file p2p_reports.log, for logging peer reports only

  • Add Detection of SSH password guessing by slips in addition to zeek

  • Add Dockerfiles for MacOS M1

  • Add support for hosts outside of the network in zeek generated software.log

  • Alerts now contain attacks done by the profile only (excluding those done to the profile)

  • Blacklist IP used by blackmatter for exfiltration in config/own_malicious_iocs

  • Change colors and CLI evidence format

  • Create profiles for all IPs by default (source and destination IPs)

  • Create profiles for all ips reported by peers

  • Detect empty connections to duckduckgo used by blackmatter for checking internet connection

  • Don't detect 'connection without dns' when running on an interface except for when it's done by your own IP

  • Don't force kill all modules when using -P

  • Don't stop slips when p2p is enabled but slips is given a file, not an interface.

  • Ignore NXDOMAINs dns resolution when checking for 'dns without resolutions'

  • Keep track of old peer reports about the same ip

  • Make sure the domains that are part of DGA alerts are not whitelisted

  • Set evidence for each p2p report in the attackers profile

More new features

We are constantly improving Slips, and a full list of changes in this last version is available in the Slips changelog. These are some of the new fixes that we have been working on:

  • Fix P2P and ubutnu-image Dockerfiles

  • Fix pastebin downloads detection to include HTTPs too

  • Take p2p reports into consideration when deciding to block an IP

Check Our Slips Demo 

Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.

And the analysis of several malicious PCAPs using Slips: 

Get in Touch

Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.

Article Link: New Slips version 1.0.0 is here! — Stratosphere IPS