New Slips version 1.0.0 is here!

Our team is excited to share the latest news and features of Slips, our behavior-based, machine-learning intrusion detection system.

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

  • Add a -g option for running Slips on growing Zeek directories (for example, directories generated by Zeek running on an interface)

  • Add a new log file, p2p_reports.log, for logging peer reports only

  • Add detection of SSH password guessing by Slips itself, in addition to Zeek's

  • Add Dockerfiles for macOS M1

  • Add support for hosts outside the network in the Zeek-generated software.log

  • Alerts now contain only attacks done by the profile (excluding those done to the profile)

  • Blacklist the IP used by BlackMatter for exfiltration in config/own_malicious_iocs

  • Change colors and the CLI evidence format

  • Create profiles for all IPs by default (source and destination IPs)

  • Create profiles for all IPs reported by peers

  • Detect empty connections to duckduckgo, used by BlackMatter to check for Internet connectivity

  • Don't detect 'connection without dns' when running on an interface, except when the connection is made by your own IP

  • Don't force-kill all modules when using -P

  • Don't stop Slips when P2P is enabled but Slips is given a file rather than an interface

  • Ignore NXDOMAIN DNS resolutions when checking for 'dns without resolutions'

  • Keep track of old peer reports about the same IP

  • Make sure the domains that are part of DGA alerts are not whitelisted

  • Set evidence for each P2P report in the attacker's profile
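The NXDOMAIN item above is worth seeing in code, because it is the classic false positive of a "DNS resolution without connection" check: a reply that resolves to nothing can never be followed by a connection, so flagging it only adds noise. The block below is an added illustration and is not Slips' own implementation. It assumes the check flags a DNS reply whose resolved IPs the host then never contacts; it parses Zeek-style TSV rows by their #fields header, drops non-IP answers such as CNAMEs, and skips NXDOMAIN replies. The dns.log and conn.log rows are constructed for the example.

```python
"""Illustrative 'DNS resolution without connection' check over Zeek-style TSV logs.

Added example, not Slips' own code. Assumptions: the check means a DNS reply
returned IP addresses that the host never contacted afterwards, and an NXDOMAIN
reply resolves to nothing, so it is skipped instead of being flagged.
The log rows below are constructed for the example.
"""
import ipaddress
from typing import Dict, Iterable, List, Set, Tuple

Record = Dict[str, str]


def parse_zeek_tsv(lines: Iterable[str]) -> List[Record]:
    """Parse Zeek TSV rows into dicts keyed by the names in the '#fields' header."""
    fields: List[str] = []
    records: List[Record] = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line:
            continue
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):  # #separator, #types, #close, ... carry no data
            continue
        if not fields:
            raise ValueError("data row seen before the #fields header")
        records.append(dict(zip(fields, line.split("\t"))))
    return records


def is_ip(value: str) -> bool:
    """True for an IPv4/IPv6 literal, False for CNAME/TXT answer strings."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def dns_without_connection(dns_records: List[Record],
                           conn_records: List[Record]) -> List[Tuple[str, List[str]]]:
    """Return (query, resolved_ips) for replies whose IPs never appear as id.resp_h."""
    contacted: Set[str] = {r["id.resp_h"] for r in conn_records}
    findings: List[Tuple[str, List[str]]] = []
    for r in dns_records:
        if r.get("rcode_name") == "NXDOMAIN":
            continue  # nothing was resolved, so a missing connection is expected
        # Zeek writes answers as a comma-separated set; '-' means the field is unset.
        answers = [a for a in r.get("answers", "-").split(",") if a and a != "-"]
        ips = [a for a in answers if is_ip(a)]
        if ips and not any(ip in contacted for ip in ips):
            findings.append((r["query"], ips))
    return findings


# Constructed sample logs (a subset of Zeek's dns.log / conn.log columns).
DNS_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tquery\trcode_name\tanswers",
    "1.0\tCa\t192.168.1.5\t192.168.1.1\tupdates.example.net\tNOERROR\t203.0.113.10",
    "2.0\tCb\t192.168.1.5\t192.168.1.1\tbeacon.example.org\tNOERROR\t198.51.100.7,198.51.100.8",
    "3.0\tCc\t192.168.1.5\t192.168.1.1\tqwzx7a.example.com\tNXDOMAIN\t-",
]
CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1.5\tCd\t192.168.1.5\t51000\t203.0.113.10\t443\ttcp",
]


def run_example() -> List[Tuple[str, List[str]]]:
    """Only beacon.example.org is reported: updates.example.net was contacted,
    and the NXDOMAIN query is ignored."""
    return dns_without_connection(parse_zeek_tsv(DNS_LOG), parse_zeek_tsv(CONN_LOG))


if __name__ == "__main__":
    for query, ips in run_example():
        print(f"DNS resolution without connection: {query} -> {', '.join(ips)}")
```

Without the NXDOMAIN guard, the third row would be reported as well, which is exactly the noise the release removes. A per-host deployment would additionally scope `contacted` to connections from the same `id.orig_h` as the query, since a resolution by one host followed by a connection from another is still suspicious.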

More new features

We are constantly improving Slips, and a full list of changes in this version is available in the Slips changelog. These are some of the fixes we have been working on:

  • Fix the P2P and ubuntu-image Dockerfiles

  • Fix Pastebin downloads detection to include HTTPS too

  • Take P2P reports into consideration when deciding whether to block an IP

Check Our Slips Demo

Get a quick overview of what Slips is about and all its capabilities in this demo, presented at the LCN conference in 2021.

And see the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html

Get in Touch

Feel free to join our Discord server to ask questions, suggest new features, or give us feedback. PRs and issues are welcome in our repo.

Article Link: New Slips version 1.0.0 is here! — Stratosphere IPS