New Slips version 1.0.0 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 


What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

  • Add the -g option for running Slips on growing Zeek directories (for example, directories generated by Zeek running on an interface)

  • Add a new log file, p2p_reports.log, for logging peer reports only

  • Add detection of SSH password guessing by Slips itself, in addition to Zeek's detection

  • Add Dockerfiles for MacOS M1

  • Add support for hosts outside of the network in the Zeek-generated software.log

  • Alerts now contain only attacks done by the profile (excluding those done to the profile)

  • Blacklist the IP used by BlackMatter for exfiltration in config/own_malicious_iocs

  • Change colors and CLI evidence format

  • Create profiles for all IPs by default (source and destination IPs)

  • Create profiles for all IPs reported by peers

  • Detect empty connections to duckduckgo used by BlackMatter to check for internet connectivity

  • Don't detect 'connection without DNS' when running on an interface, except when the connection is made by your own IP

  • Don't force-kill all modules when using -P

  • Don't stop Slips when P2P is enabled but Slips is given a file rather than an interface

  • Ignore NXDOMAIN DNS resolutions when checking for 'DNS without resolution'

  • Keep track of old peer reports about the same IP

  • Make sure the domains that are part of DGA alerts are not whitelisted

  • Set evidence for each P2P report in the attacker's profile

More new features

We are constantly improving Slips, and a full list of changes in this last version is available in the Slips changelog. These are some of the new fixes that we have been working on:

  • Fix the P2P and ubuntu-image Dockerfiles

  • Fix Pastebin download detection to include HTTPS too

  • Take P2P reports into consideration when deciding to block an IP

Check Our Slips Demo 

Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.

You can also see the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html

Get in Touch

Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and issues are welcome in our repo.