Releases: stratosphereips/StratosphereLinuxIPS
v1.1.4
v1.1.3
- Enhance Slips shutdown process for smoother operations.
- Optimize resource management in Slips, resolving issues with lingering threads in memory.
- Remove the progress bar; Slips now provides regular statistical updates.
- Improve unit testing. Special thanks to @Sekhar-Kumar-Dash.
- Drop support for macOS, P2P, and platform-specific Docker images. A unified Docker image is now available for all platforms.
- Correct the evidence count reported in statistics.
- Fix incorrect end date reported in metadata/info.txt upon analysis completion.
- Print more information to the CLI on Slips startup, including network details, the client IP, the thresholds used, and more.
- Reduce false positives from Spamhaus by looking up inbound traffic only.
- Speed up horizontal port scan detections.
- Enhance logging of IDMEF errors.
- Resolve issues with the accumulated threat level reported in alerts.json.
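The Spamhaus change above (look up inbound traffic only) is easiest to see with the direction logic written out. The following is an added example, not Slips' own code: it classifies each flow as inbound or outbound relative to an assumed monitored network, builds the standard reverse-octet DNSBL query name, and only submits the remote peer of inbound flows to the lookup. The local network, the flows and the resolver answers are all constructed so that it runs offline; a real deployment would replace `fake_resolve` with an actual DNS query.

```python
"""Added example (not part of Slips): DNSBL lookups for inbound flows only."""
import ipaddress
from typing import Callable, Optional

# Assumption: the monitored client network. Slips derives this from the
# configured client IP / local network; the value here is made up.
LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")

# Spamhaus ZEN answer codes (documented public values).
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL", "127.0.0.9": "SBL DROP",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}


def dnsbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Reverse the octets: 192.0.2.10 -> 10.2.0.192.zen.spamhaus.org"""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(ip.split("."))) + "." + zone


def is_inbound(flow: dict) -> bool:
    """Inbound: a remote source talking to a host inside LOCAL_NET."""
    src = ipaddress.ip_address(flow["saddr"])
    dst = ipaddress.ip_address(flow["daddr"])
    return src not in LOCAL_NET and dst in LOCAL_NET


def check_spamhaus(flow: dict,
                   resolve: Callable[[str], Optional[str]]) -> Optional[dict]:
    """Return evidence only when an inbound flow's remote peer is listed."""
    if not is_inbound(flow):
        # Outbound and local flows are never looked up: contacting a
        # listed IP is not what the list describes, hence the FP reduction.
        return None
    remote = flow["saddr"]
    answer = resolve(dnsbl_query_name(remote))
    if answer is None or answer not in ZEN_CODES:
        return None  # NXDOMAIN or an error code such as 127.255.255.x
    return {"uid": flow["uid"], "attacker": remote, "victim": flow["daddr"],
            "list": ZEN_CODES[answer]}


# Constructed flows: the listed IP appears once as a destination and once
# as a source; only the second one should produce evidence.
FLOWS = [
    {"uid": "1", "saddr": "10.0.0.5", "daddr": "192.0.2.10", "dport": 443},
    {"uid": "2", "saddr": "192.0.2.10", "daddr": "10.0.0.5", "dport": 22},
    {"uid": "3", "saddr": "198.51.100.7", "daddr": "10.0.0.5", "dport": 80},
]

# Constructed resolver standing in for a real DNS query to the DNSBL.
LISTED = {"10.2.0.192.zen.spamhaus.org": "127.0.0.2"}


def fake_resolve(name: str) -> Optional[str]:
    return LISTED.get(name)


def run(flows=FLOWS, resolve=fake_resolve) -> list:
    found = []
    for flow in flows:
        evidence = check_spamhaus(flow, resolve)
        if evidence:
            found.append(evidence)
    return found


if __name__ == "__main__":
    for ev in run():
        print(ev)
```

Flow 1 is outbound to the listed address and is skipped; flow 2 is the same address arriving inbound and yields SBL evidence.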
v1.1.2
- Add a relation between related evidence in alerts.json
- Better unit tests. Thanks to @Sekhar-Kumar-Dash
- Discontinue macOS M1 Docker images, P2P images, and the Slips dependencies image.
- Fix the problem of the progress bar stopping before analysis is done, causing Slips to freeze when analyzing large PCAPs.
- Improve how Slips recognizes the current host IP.
- Increase the speed of the Flowalerts module by changing how Slips checks for DNS servers.
- Major code improvements.
- Remove redundant keys from the Redis database.
- Remove unused keys from the Redis database.
- Use IDMEFv2 format in alerts.json instead of IDEA0.
- Wait up to 1 week by default for modules to finish before shutting down.
v1.1.1
- Better unit tests. Thanks to @Sekhar-Kumar-Dash.
- Fix the Slips installation script at install/install.sh.
- Fix the issue of the flowalerts module not analyzing all given conn.log flows.
- Fix the Zeek warning caused by one of the loaded Zeek scripts.
- Improve how Slips validates domains taken from TI feeds.
- Improve whitelists.
- Update Python dependencies.
- Better handling of connections to the Redis database.
v1.1
- Update Python version to 3.10.12 and all the Python libraries used by Slips.
- Update nodejs and Zeek.
- Improve the stopping of Slips. Modules now have more time to process flows.
- Fix database unit tests overwriting redis configuration file.
- New configuration file format: Slips now uses YAML, thanks to @patel-lay.
- Better unit tests. Thanks to @Sekhar-Kumar-Dash.
- GitHub workflow improvements.
- Fix the RNN module and add a new model.
- Horizontal port scan detection improvements.
v1.0.15
- Add a parameter to export strato letters to re-train the RNN model.
- Better organization of flowalerts module by splitting it into many specialized files.
- Better unit tests. Thanks to @Sekhar-Kumar-Dash.
- Disable "Connection without DNS resolution" evidence to DNS servers.
- Fix displaying "Failed" as the protocol name in the web interface when reading Suricata flows.
- Fix problem reversing source and destination addresses in JA3 evidence description.
- Improve CI by using more parallelization.
- Improve non-SSL and non-HTTP detections by requiring that the connection actually transferred data (the sum of bytes sent and received is not zero), so empty connections no longer trigger them.
- Improve the RNN evidence description; it is now clearer which IP is the infected (botnet) host and which is the C&C server.
- Improve some threat levels of evidence to reduce false positives.
- Improve whitelists. Better matching, more domains added, reduced false positives.
- Shorter Slips notifications: Slips now displays the alert description instead of all the evidence in the alert.
- The port of the web interface is now configurable in slips.conf.
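The non-SSL and non-HTTP detection entry above is a good candidate for a worked check. The following is an added example, not Slips' or Zeek's code: it runs the detection over constructed Zeek conn.log records in JSON form (`id.resp_p`, `proto`, `service`, `conn_state`, `orig_bytes`, `resp_bytes` are real Zeek field names; the sample values are made up). Which `conn_state` values count as established is an assumption stated in the code, and the point of the zero-byte guard is that a connection that carried no data cannot be classified as non-HTTP or non-SSL, so it is skipped instead of raising evidence.

```python
"""Added example (not part of Slips): non-HTTP on 80 / non-SSL on 443 check."""
import json
from typing import Optional

# Assumption: Zeek conn_state values treated as an established TCP
# connection (handshake completed, with or without a clean close).
ESTABLISHED = {"S1", "S2", "S3", "SF", "RSTO", "RSTR"}

# Service Zeek is expected to recognise on each well-known port.
EXPECTED_SERVICE = {80: "http", 443: "ssl"}


def check_flow(flow: dict) -> Optional[dict]:
    """Return evidence when an established, data-carrying TCP flow to
    port 80/443 was not identified as http/ssl by Zeek."""
    expected = EXPECTED_SERVICE.get(flow.get("id.resp_p"))
    if expected is None or flow.get("proto") != "tcp":
        return None
    if flow.get("conn_state") not in ESTABLISHED:
        return None  # scans and unanswered SYNs never get this far
    # Zero-byte guard: no payload in either direction means there is
    # nothing to classify, so this is not evidence of anything.
    if flow.get("orig_bytes", 0) + flow.get("resp_bytes", 0) == 0:
        return None
    # Zeek's service field is a set; JSON logs may join several with ','.
    services = set(str(flow.get("service", "")).split(","))
    if expected in services:
        return None
    return {
        "uid": flow["uid"],
        "type": f"non-{expected.upper()} connection on port {flow['id.resp_p']}",
        "attacker": flow["id.orig_h"],
        "victim": flow["id.resp_h"],
        "bytes": flow.get("orig_bytes", 0) + flow.get("resp_bytes", 0),
    }


# Constructed conn.log lines (Zeek JSON format; values are made up).
CONN_LOG = """
{"uid":"C1","id.orig_h":"10.0.0.5","id.orig_p":50001,"id.resp_h":"203.0.113.9","id.resp_p":80,"proto":"tcp","service":"http","conn_state":"SF","orig_bytes":400,"resp_bytes":1200}
{"uid":"C2","id.orig_h":"10.0.0.5","id.orig_p":50002,"id.resp_h":"203.0.113.9","id.resp_p":80,"proto":"tcp","conn_state":"SF","orig_bytes":300,"resp_bytes":0}
{"uid":"C3","id.orig_h":"10.0.0.5","id.orig_p":50003,"id.resp_h":"203.0.113.20","id.resp_p":443,"proto":"tcp","conn_state":"S0","orig_bytes":0,"resp_bytes":0}
{"uid":"C4","id.orig_h":"10.0.0.5","id.orig_p":50004,"id.resp_h":"203.0.113.20","id.resp_p":443,"proto":"tcp","conn_state":"SF","orig_bytes":0,"resp_bytes":0}
{"uid":"C5","id.orig_h":"10.0.0.5","id.orig_p":50005,"id.resp_h":"203.0.113.21","id.resp_p":443,"proto":"tcp","service":"ssl","conn_state":"SF","orig_bytes":500,"resp_bytes":4000}
{"uid":"C6","id.orig_h":"10.0.0.5","id.orig_p":50006,"id.resp_h":"203.0.113.22","id.resp_p":443,"proto":"tcp","conn_state":"RSTO","orig_bytes":100,"resp_bytes":50}
""".strip()


def scan(log_text: str = CONN_LOG) -> list:
    """Parse JSON lines and collect evidence for every flagged flow."""
    found = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        evidence = check_flow(json.loads(line))
        if evidence:
            found.append(evidence)
    return found


if __name__ == "__main__":
    for ev in scan():
        print(ev)
```

C2 and C6 are the only hits: C1 and C5 were recognised as http/ssl, C3 never completed the handshake, and C4 is the empty established connection that the zero-byte guard exists to silence.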
v1.0.14
- Improve whitelists by better matching of ASNs, domains, and organizations.
- Whitelist Microsoft, Apple, Twitter, Facebook, and Google alerts by default to reduce false positives.
- Better unit tests. Thanks to @Sekhar-Kumar-Dash
- Speed up port scan detections.
- Fix the issue of overwriting Redis configuration file every run.
- Add more info to metadata/info.txt for each run.
v1.0.13
- Whitelist alerts to all organizations by default to reduce false positives.
- Improve and compress Slips Docker images.
- Improve CI and add pre-commit hooks.
- Fix problem reporting victims in alerts.json.
- Better docs for the threat intelligence module.
- Improve whitelists.
- Better detection threshold to reduce false positives.
- Better unit tests.
- Fix problems stopping the daemon.
v1.0.12
- Add an option to specify the current client IP in slips.conf to help avoid false positives.
- Better handling of URLhaus threat intelligence.
- Change how slips determines the local network of the current client IP.
- Fix issues with the progress bar.
- Fix problem logging alerts and errors to alerts.log and errors.log.
- Fix problem reporting evidence to other peers.
- Fix problem starting the web interface.
- Fix whitelists.
- Improve how the evidence for young domain detections is set.
- Remove the description of blacklisted IPs from the evidence description and add the source TI feed instead.
- Set evidence to all young domain IPs when a connection to a young domain is found.
- Set two pieces of evidence in some detections, e.g. when the source address connects to a blacklisted IP, evidence is set for both the source and the destination.
- Use blacklist name instead of IP description in all evidence.
- Use the latest Redis and NodeJS version in all docker images.
v1.0.11
- Improve the logging of evidence in alerts.json and alerts.log.
- Optimize the storing of evidence in the Redis database.
- Fix problem of missing evidence, now all evidence is logged correctly.
- Fix problem adding flows to incorrect time windows.
- Fix problem setting SSH version changing evidence.
- Fix problem closing Redis ports using -k.
- Fix problem closing the progress bar.
- Fix problem releasing the terminal when Slips is done.