v1.0.0

@AlyaGomaa AlyaGomaa released this 02 Dec 13:06
· 5755 commits to master since this release
  • Add -g option for running slips on growing zeek dirs (for example, dirs generated by zeek running on an interface)
  • Add a new log file p2p_reports.log, for logging peer reports only
  • Add detection of SSH password guessing by slips in addition to zeek
  • Add Dockerfiles for macOS M1
  • Add support for hosts outside of the network in zeek generated software.log
  • Alerts now contain attacks done by the profile only (excluding those done to the profile)
  • Blacklist IP used by blackmatter for exfiltration in config/own_malicious_iocs
  • Change colors and CLI evidence format
  • Create profiles for all IPs by default (source and destination IPs)
  • Create profiles for all IPs reported by peers
  • Detect empty connections to duckduckgo used by blackmatter for checking internet connection
  • Don't detect 'connection without dns' when running on an interface except for when it's done by your own IP
  • Don't force kill all modules when using -P
  • Don't stop slips when p2p is enabled but slips is given a file, not an interface.
  • Fix P2P and ubuntu-image Dockerfiles
  • Fix pastebin downloads detection to include HTTPS too
  • Ignore NXDOMAIN DNS resolutions when checking for 'dns without resolutions'
  • Keep track of old peer reports about the same ip
  • Make sure the domains that are part of DGA alerts are not whitelisted
  • Set evidence for each p2p report in the attacker's profile
  • Take p2p reports into consideration when deciding to block an IP