Releases
v1.0.1
Fix false-positive horizontal port scan detections caused by Zeek flipping connections
Fix duplicate evidence in multiple alerts
Fix false-positive URLhaus detections; URLhaus is now used to check URLs only, not domains
Fix MD5 URLhaus lookups
Add support for SHA256 hashes in the files.log generated by Zeek
Add detection of weird HTTP methods
Fix race condition trying to update TI files when running multiple slips instances
Fix having multiple port scan alerts with the same timestamp
Add detection for non-SSL connections on port 443
Add detection for non-HTTP connections on port 80
P2P can now work without adding the p2p4slips binary to PATH
Add detection for connections to private IPs from private IPs
Add detection of high entropy DNS TXT answers
Add detection of connections to/from IPs outside the used local network.
Add detection for DHCP scans
Add detection for devices changing IPs.
Support having IP ranges in your own local TI file own_malicious_iocs.csv
Remove rstcloud TI file from slips.conf
Add the option to change pastebin download detection threshold in slips.conf
Add the option to change the Shannon entropy detection threshold in slips.conf
Store zeek files in the output directory by default
Portscan detector is now called network service discovery
Move all TI feeds to their separate files in the config/ directory for easier use
Add the option to start slips web interface automatically using -w
Fix multiple SSH client versions detection
Add detection of IPs using multiple SSH server versions
Wait 30 minutes before raising the first "connection without DNS" evidence
Optimize code and performance
Update Kalipso dependencies to use more secure versions
Change the rstcloud feed to https://raw.githubusercontent.com/rstcloud/rstthreats/master/feeds/full/random100_ioc_ip_latest.json