Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Quick links:
Download Slips from our GitHub repository: https://github.com/stratosphereips/StratosphereLinuxIPS
Access Slips documentation through Read the Docs: https://stratospherelinuxips.readthedocs.io/en/develop/
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips features:
- Use All-ID hash to fingerprint flows stored in the flows database.
- Increase the weight of port scan alerts by increasing its threat level.
- Fix false positive port scan alerts.
- Add an option in slips.conf to wait for the update manager to update all TI feeds before starting Slips to avoid missing any blacklisted IPs evidence.
- Fix error detecting password guessing.
- Fix issues reading all flows when running on a low-spec device.
- Improve the stopping of slips and termination of processes.
- Improve the progress bar.
- Fix reading flows from stdin.
- Better code, logs, and unit tests.
Check the full list of changes in our release page: https://github.com/stratosphereips/StratosphereLinuxIPS/releases/tag/v1.0.8
Learn more!
Wondering what Slips is capable of? Check out these demo presentations:
LCN conference in 2021: https://youtu.be/1KqwlxVuf48
BlackHat USA Arsenal 2022: https://youtu.be/dJuTmi2bJcI
How to contribute
For those interested in contributing to Slips:
https://stratospherelinuxips.readthedocs.io/en/develop/contributing.html
https://www.stratosphereips.org/blog/2022/6/6/writing-a-slips-module
https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html
Get in Touch
Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.
Article Link: New Slips version v1.0.8 is here! — Stratosphere IPS