Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Quick links:
Download Slips from our GitHub repository: https://github.com/stratosphereips/StratosphereLinuxIPS
Access Slips documentation through Read the Docs: https://stratospherelinuxips.readthedocs.io/en/develop/
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips features:
- Store flows in a SQLite database in the output directory instead of Redis.
- 55% RAM usage decrease.
- Support the labeling of flows based on Slips detections.
- Add support for exporting labeled flows in JSON and TSV formats.
- Code improvements. Change the structure of all modules.
- Graceful shutdown of all modules, thanks to @danieltherealyang.
- Print the number of evidence generated by Slips when running on PCAPs and interfaces.
- Improved the detection of ports that belong to a specific organization.
- Fix bugs in CYST module.
- Fix URLhaus evidence description.
- Fix the freezing progress bar issue.
- Fix a problem starting Slips in Docker on Linux.
- Ignore ICMP scans if the flow has ICMP type 3.
- Improve our whitelist. Slips now checks for whitelisted attackers and victims in the generated evidence.
- Add embedded documentation in the web interface, thanks to @shubhangi013.
- Improved the selection of random Redis ports when using the -m parameter.
Check the full list of changes on our release page: https://github.com/stratosphereips/StratosphereLinuxIPS/releases/tag/v1.0.6
Learn more!
Wondering what Slips is capable of? Check out these demo presentations:
LCN conference in 2021: https://youtu.be/1KqwlxVuf48
BlackHat USA Arsenal 2022: https://youtu.be/dJuTmi2bJcI
How to contribute
For those interested in contributing to Slips:
https://stratospherelinuxips.readthedocs.io/en/develop/contributing.html
https://www.stratosphereips.org/blog/2022/6/6/writing-a-slips-module
https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html
Get in Touch
Feel free to join our Discord server to ask questions, suggest new features, or give us feedback. PRs and issues are welcome in our repo.
Article Link: New Slips version v1.0.6 is here! — Stratosphere IPS