stratosphereips StratosphereLinuxIPS issues

stratosphereips / StratosphereLinuxIPS

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Other

668 stars 165 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

print the flow causing errors with the exception in all modules

#766 AlyaGomaa opened 7 minutes ago
1
Fix unable to get daddr from conn.log flow in flowalerts

#765 AlyaGomaa opened 8 minutes ago
1
Stop of output process done twice

#764 AlyaGomaa opened 9 minutes ago
0
Update libp2p Update your go-libp2p dependency to the latest release, v0.30.0 at the time of writing.

#763 AlyaGomaa opened 9 minutes ago
0
Check why threat intelligence module is making the most function calls and see how to make it faster

#762 AlyaGomaa opened 10 minutes ago
0
Check why package-lock.json in kalipso is modified in git everytime we run slips

#761 AlyaGomaa opened 10 minutes ago
0
Add the filename when reporting "Malicious downloaded file"

#760 AlyaGomaa opened 42 minutes ago
1
The dns without resolution shouldn’t be alerted on icmp flows (don’t count icmp flows), we already have icmp scanning detection for icmp flows

#759 AlyaGomaa opened 42 minutes ago
0
make sure that we're calculating the aid of icmp flows correctly.. communityid.FlowTuple.make_icmp,(mtype, mcode)

#758 AlyaGomaa opened 43 minutes ago
0
Search how redis decides that the pub/sub client is slow and how is it dropping the msgs maybe there’s a value we can increase

#757 AlyaGomaa opened 45 minutes ago
1
Error in sqlite: database is locked

#756 AlyaGomaa opened 47 minutes ago
0
sqlite error: database disk image is malformed

#755 AlyaGomaa opened 52 minutes ago
0
Zeek error in slips. Uknown

#754 AlyaGomaa opened 53 minutes ago
0
Some modules do not end and we wait forever

#753 AlyaGomaa opened 1 hour ago
0
DNS without connection still has FP to solve

#752 AlyaGomaa opened 1 hour ago
0
Device is busy error when given a very large pcap

#751 AlyaGomaa opened 1 hour ago
0
problem clicking on alerts button in web interface. nothing is displayed

#750 AlyaGomaa opened 1 hour ago
0
Seems like some flows may not have been included in the timeline

#749 AlyaGomaa opened 1 hour ago
1
There is no vertical port scan evidence generated in this pcap

#748 AlyaGomaa opened 1 hour ago
0
Add this AD to slips

#747 AlyaGomaa closed 21 hours ago
0
make a list of stuff that we're storing in the DB but we're not using so we can delete

#746 AlyaGomaa opened 21 hours ago
0
use python-whois-extended instead of whois because it supports more TLDs

#745 AlyaGomaa opened 21 hours ago
1
Can we put slips in this mode of in the middle?

#744 AlyaGomaa opened 21 hours ago
1
Add a github CI action for splitting long lines

#743 AlyaGomaa opened 21 hours ago
0
In the integration tests, dont hardcode the ports, use random ones, log them somewhere, and control them later if you wanna kill them all after the tests pass or fail

#742 AlyaGomaa opened 21 hours ago
0
decide on a new design for slips evidence shown in alerts.log

#741 AlyaGomaa opened 21 hours ago
1
move stratosphere letter generation to a separate library/repo and use it in slips

#740 AlyaGomaa opened 21 hours ago
0
check the detections in netography

#739 AlyaGomaa opened 21 hours ago
1
Work on improving the P2P system

#738 AlyaGomaa opened 21 hours ago
1
check if we can generate traffic that would trigger the flowmlmodule

#737 AlyaGomaa opened 21 hours ago
1
Add Incidents idea on top of alerts and evidence.

#736 AlyaGomaa opened 21 hours ago
1
Have a Sensitivity Value

#735 AlyaGomaa opened 21 hours ago
1
What does slips do when it runs out of RAM?

#734 AlyaGomaa opened 21 hours ago
1
run bandit on slips

#733 AlyaGomaa opened 21 hours ago
1
detect this https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/ssl-certificate-name-hostname-mismatch/

#732 AlyaGomaa opened 21 hours ago
0
use this library for json proessing https://github.com/ijl/orjson

#731 AlyaGomaa opened 21 hours ago
0
Make the integration tests more strict, add more evidence to check.

#730 AlyaGomaa opened 21 hours ago
0
update how we store the acc threat level and timewindow in alerts.json

#729 AlyaGomaa opened 21 hours ago
1
add pre-commit action to our CI to run unit tests

#728 AlyaGomaa opened 21 hours ago
0
arp poison attackers as a response for attacks before they reach the rest of the network

#727 AlyaGomaa opened 21 hours ago
0
check if we can move from sqlite to another db in the next big version

#726 AlyaGomaa opened 21 hours ago
0
Do a better documentation on how to use the mlflow module, and video examples on how to retrain it in your traffic

#725 AlyaGomaa opened 21 hours ago
0
add this to our zeek scripts https://github.com/keithjjones/zeek-njrat-detector

#724 AlyaGomaa opened 21 hours ago
0
Add to the documentation what we do when 2 ips appear in 2 different threat levels. E.g. max threat lvl, all tags, all sources etc.

#723 AlyaGomaa opened 21 hours ago
0
Add JA4+ to slips

#722 AlyaGomaa opened 21 hours ago
1
Reduce false positives in entropy of domains by finding a better threshold. 5.1 instead of 5 can work. check

#721 AlyaGomaa opened 21 hours ago
0
output.py should take care of logging evidene to alerts.log, not evidence.py

#720 AlyaGomaa opened 21 hours ago
0
Detect legitimate remote access tools like teamviewer

#719 AlyaGomaa opened 21 hours ago
0
Decrease the size of slips docker by deleting kalipso and nodejs

#718 AlyaGomaa opened 21 hours ago
1
see how we can auto update slips version in the README using the VERSION file

#717 AlyaGomaa opened 21 hours ago
0