
v1.0.15

@AlyaGomaa released this 14 Jun 11:49
fb4246d
  • Add a parameter to export strato letters, used to re-train the RNN model.
  • Better organization of flowalerts module by splitting it into many specialized files.
  • Better unit tests, thanks to @Sekhar-Kumar-Dash.
  • Disable "Connection without DNS resolution" evidence to DNS servers.
  • Fix displaying "Failed" as the protocol name in the web interface when reading Suricata flows.
  • Fix problem reversing source and destination addresses in JA3 evidence description.
  • Improve CI by using more parallelization.
  • Improve non-SSL and non-HTTP detections by making sure that the sum of bytes sent and received is zero.
  • Improve the RNN evidence description: it is now clearer which IP is the botnet and which is the C&C server.
  • Improve some threat levels of evidence to reduce false positives.
  • Improve whitelists. Better matching, more domains added, reduced false positives.
  • More minimal Slips notifications: Slips now displays the alert description instead of all the evidence in the alert.
  • The port of the web interface is now configurable in slips.conf.