Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips capabilities:
- Drop root privileges in modules that don't need them
- Added support for running Slips in the background as a daemon
- Fixed the issue of growing Zeek logs by deleting old Zeek logs every day (optional, but enabled by default)
- Added support for running several instances of Slips at the same time
- Saving and loading the database on macOS
- Fixed reading flows from stdin; it now supports Zeek, Argus and Suricata
- Faster startup of Slips: Slips now updates the TI files in the background
More new features
We are constantly improving Slips, and a full list of changes in this latest version is available in the Slips changelog.
These are some of the new cool features that we have been working on:
- Added slips.log, where all Slips logs go, in daemon and interactive mode
- Automatic starting of Redis servers (cache and main databases)
- Added a new TI file https://hole.cert.pl/domains/domains.json
- Updated the docs and added instructions for contributing and creating a new module
Check Our Slips Demo
Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.
https://www.youtube.com/watch?v=1KqwlxVuf48
And the analysis of several malicious PCAPs using Slips:
https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html
Detailed explanation on how to contribute and create a new module:
https://stratospherelinuxips.readthedocs.io/en/develop/create_new_module.html
Get in Touch
Feel free to join our Discord server to ask questions, suggest new features or give us feedback. PRs and issues are welcome in our repo.