New Slips version 0.9.6 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

  • Add an option to store the Zeek log files inside the output directory

  • Add support for Suricata SSH flows

  • Better detection of suspicious user agents

  • Detect DNS answers that have a blacklisted IP or CNAME

  • Detect ICMP scans in netflow files

  • Don't alert on ARP scans coming from the gateway

  • Keep track of profiles' past threat levels

  • Kill all modules after 15 minutes of trying to stop them gracefully

  • Kill Slips when a Redis ConnectionError occurs

  • Make Zeek log rotation configurable: how many days to keep the rotated files and how often to rotate them

  • Remove support for VirusTotal (VT) hash lookups to save API quota
</gml_replace>
<gr_replace lines="39" cat="clarify" orig="• Support running slips">
  • Support running Slips on a growing Zeek directory, for example the Zeek directory of a live interface

  • Support looking up hashes and domains in URLhaus

  • Support looking up hashes in Circl.lu

  • Support looking up IPs in Spamhaus

  • Support running slips on a growing zeek dir. for example a zeek dir of an interface.

  • Whitelist the Tranco top 10k domains for fewer false-positive alerts

More new features

We are constantly improving Slips, and the full list of changes in this latest version is available in the Slips changelog. These are some of the fixes we have been working on:

  • Fix false positive "connection without DNS" detections

  • Fix importing from and exporting to Warden servers

  • Fix P2P

  • Fix a problem detecting SSH logins from Zeek logs

  • Fix reading Zeek tab-separated log files

  • Fix saving the Redis database

  • Fix vertical port scan detections from Zeek logs

  • Fix Zeek log rotation on Ctrl+C

Check Our Slips Demo

Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.

See also the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html

Get in Touch

Feel free to join our Discord server to ask questions, suggest new features or give us feedback. PRs and issues are welcome in our repo.