New Slips version 1.0.2 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

  • Add a blocking indicator in alerts.json

  • Add a progress bar to Slips showing the number of processed flows

  • Add a Zeek script to recognize the gateway IP and add it to notice.log

  • Add the option to display all evidence in a profile

  • Add the option to view blocked profiles only in the web interface

  • Add the uids that caused evidence to the evidence description in alerts.json

  • Code optimizations

  • Don't alert "Connection to Private IP" when there's a DNS connection on port 53 UDP to the gateway

  • Faster reading of NetFlow and Suricata files

  • Kill web interface on ctrl+c

  • Support ASNs in our own_malicious_iocs.csv file

  • Update slips default whitelist

  • Use the current user's timezone in alerts.log and alerts.json

More new features

We are constantly improving Slips, and a full list of changes in this latest version is available in the Slips changelog. These are some of the fixes that we have been working on:


  • Fix caching ASN ranges

  • Fix displaying alerts of a profile in the web interface

  • Fix error parsing AIP TI list

  • Fix having duplicate alerts

  • Fix problem displaying data from the DB in the web interface 

  • Fix searching in the web interface

  • Fix vertical and horizontal portscan errors

  • Fix wrong Source/Target type in alerts.json


Check Our Slips Demo 

Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.

See also the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html

Get in Touch

Feel free to join our Discord server to ask questions, suggest new features or give us feedback. PRs and issues are welcome in our repo.


Article Link: New Slips version 1.0.2 is here! — Stratosphere IPS