stratosphereips / StratosphereLinuxIPS
Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.
668 stars
165 forks
print the flow causing errors with the exception in all modules
#766
AlyaGomaa
opened
7 minutes ago
1
Fix unable to get daddr from conn.log flow in flowalerts
#765
AlyaGomaa
opened
8 minutes ago
1
Stop of output process done twice
#764
AlyaGomaa
opened
9 minutes ago
0
Update libp2p Update your go-libp2p dependency to the latest release, v0.30.0 at the time of writing.
#763
AlyaGomaa
opened
9 minutes ago
0
Check why threat intelligence module is making the most function calls and see how to make it faster
#762
AlyaGomaa
opened
10 minutes ago
0
Check why package-lock.json in kalipso is modified in git every time we run slips
#761
AlyaGomaa
opened
10 minutes ago
0
Add the filename when reporting "Malicious downloaded file"
#760
AlyaGomaa
opened
42 minutes ago
1
The dns without resolution shouldn’t be alerted on icmp flows (don’t count icmp flows), we already have icmp scanning detection for icmp flows
#759
AlyaGomaa
opened
42 minutes ago
0
make sure that we're calculating the aid of icmp flows correctly: communityid.FlowTuple.make_icmp(mtype, mcode)
#758
AlyaGomaa
opened
43 minutes ago
0
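Issue #758 asks whether the flow hash of ICMP flows is computed correctly through `communityid.FlowTuple.make_icmp`. The block below is an added example, not Slips code and not the pycommunityid library: it is a pure-Python implementation of the Community ID v1 spec restricted to IPv4/ICMPv4, written to show what `make_icmp` has to get right. ICMPv4 request/reply types are mapped onto each other and used as the "port" pair, so an echo request and its echo reply hash to the same ID regardless of direction, while any other ICMP type (e.g. destination unreachable) is one-way and must never be flipped. The function names `community_id`, `icmp_port_equivalents` and `icmp_community_id`, and the sample addresses, are assumptions of this example.

```python
import base64
import hashlib
import ipaddress
import struct

PROTO_ICMP = 1

# ICMPv4 request/reply type pairs defined by the Community ID v1 spec.
# A flow whose type appears here is bidirectional: its "ports" become
# (type, paired type), so a request and its reply normalise to one tuple.
ICMP4_TYPE_MAP = {
    8: 0, 0: 8,      # echo request / echo reply
    13: 14, 14: 13,  # timestamp request / reply
    15: 16, 16: 15,  # information request / reply
    10: 9, 9: 10,    # router solicitation / router advertisement
    17: 18, 18: 17,  # address-mask request / reply
}


def icmp_port_equivalents(mtype, mcode):
    """Map an ICMPv4 (type, code) to (sport, dport, is_one_way).

    Types with a known counterpart are two-way and ignore the code; every
    other type is one-way and keeps (type, code) as its port pair.
    """
    if mtype in ICMP4_TYPE_MAP:
        return mtype, ICMP4_TYPE_MAP[mtype], False
    return mtype, mcode, True


def community_id(proto, saddr, daddr, sport, dport, one_way=False, seed=0):
    """Community ID v1: '1:' + base64(sha1(seed|saddr|daddr|proto|0|sport|dport)).

    The 5-tuple is put into canonical order (lower address first, ports
    swapped with it) unless the flow is one-way, in which case the
    direction is significant and is kept as given.
    """
    sa = ipaddress.ip_address(saddr)
    da = ipaddress.ip_address(daddr)
    if sa.version != da.version:
        raise ValueError("source and destination address families differ")
    in_order = one_way or sa < da or (sa == da and sport < dport)
    if not in_order:
        sa, da = da, sa
        sport, dport = dport, sport
    data = (
        struct.pack("!H", seed)          # 16-bit seed, network byte order
        + sa.packed + da.packed          # addresses in canonical order
        + struct.pack("!BBHH", proto, 0, sport, dport)  # proto, pad, ports
    )
    digest = hashlib.sha1(data).digest()
    return "1:" + base64.b64encode(digest).decode("ascii")


def icmp_community_id(saddr, daddr, mtype, mcode, seed=0):
    """Community ID of an ICMPv4 flow, mirroring what make_icmp must do."""
    sport, dport, one_way = icmp_port_equivalents(mtype, mcode)
    return community_id(PROTO_ICMP, saddr, daddr, sport, dport, one_way, seed)


if __name__ == "__main__":
    # Constructed sample flows, not captured traffic.
    req = icmp_community_id("10.0.0.1", "10.0.0.2", 8, 0)   # echo request
    rep = icmp_community_id("10.0.0.2", "10.0.0.1", 0, 0)   # echo reply
    unreach_a = icmp_community_id("10.0.0.1", "10.0.0.2", 3, 1)
    unreach_b = icmp_community_id("10.0.0.2", "10.0.0.1", 3, 1)
    print("echo request/reply share an ID:", req == rep)
    print("one-way unreachable differs per direction:", unreach_a != unreach_b)
```

The check to keep in a unit test is the pair of properties above: a request and its reply in opposite directions yield one ID, and a one-way type yields a different ID for each direction. A bug in the type mapping or in the ordering logic breaks the first; flipping one-way flows breaks the second.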
Search how redis decides that the pub/sub client is slow and how it is dropping the msgs; maybe there's a value we can increase
#757
AlyaGomaa
opened
45 minutes ago
1
Error in sqlite: database is locked
#756
AlyaGomaa
opened
47 minutes ago
0
sqlite error: database disk image is malformed
#755
AlyaGomaa
opened
52 minutes ago
0
Zeek error in slips. Unknown
#754
AlyaGomaa
opened
53 minutes ago
0
Some modules do not end and we wait forever
#753
AlyaGomaa
opened
1 hour ago
0
DNS without connection still has FP to solve
#752
AlyaGomaa
opened
1 hour ago
0
Device is busy error when given a very large pcap
#751
AlyaGomaa
opened
1 hour ago
0
problem clicking on alerts button in web interface. nothing is displayed
#750
AlyaGomaa
opened
1 hour ago
0
Seems like some flows may not have been included in the timeline
#749
AlyaGomaa
opened
1 hour ago
1
There is no vertical port scan evidence generated in this pcap
#748
AlyaGomaa
opened
1 hour ago
0
Add this AD to slips
#747
AlyaGomaa
closed
21 hours ago
0
make a list of stuff that we're storing in the DB but we're not using so we can delete
#746
AlyaGomaa
opened
21 hours ago
0
use python-whois-extended instead of whois because it supports more TLDs
#745
AlyaGomaa
opened
21 hours ago
1
Can we put slips in this mode of in the middle?
#744
AlyaGomaa
opened
21 hours ago
1
Add a github CI action for splitting long lines
#743
AlyaGomaa
opened
21 hours ago
0
In the integration tests, don't hardcode the ports, use random ones, log them somewhere, and control them later if you want to kill them all after the tests pass or fail
#742
AlyaGomaa
opened
21 hours ago
0
decide on a new design for slips evidence shown in alerts.log
#741
AlyaGomaa
opened
21 hours ago
1
move stratosphere letter generation to a separate library/repo and use it in slips
#740
AlyaGomaa
opened
21 hours ago
0
check the detections in netography
#739
AlyaGomaa
opened
21 hours ago
1
Work on improving the P2P system
#738
AlyaGomaa
opened
21 hours ago
1
check if we can generate traffic that would trigger the flowmlmodule
#737
AlyaGomaa
opened
21 hours ago
1
Add Incidents idea on top of alerts and evidence.
#736
AlyaGomaa
opened
21 hours ago
1
Have a Sensitivity Value
#735
AlyaGomaa
opened
21 hours ago
1
What does slips do when it runs out of RAM?
#734
AlyaGomaa
opened
21 hours ago
1
run bandit on slips
#733
AlyaGomaa
opened
21 hours ago
1
detect this https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/ssl-certificate-name-hostname-mismatch/
#732
AlyaGomaa
opened
21 hours ago
0
use this library for json processing https://github.com/ijl/orjson
#731
AlyaGomaa
opened
21 hours ago
0
Make the integration tests more strict, add more evidence to check.
#730
AlyaGomaa
opened
21 hours ago
0
update how we store the acc threat level and timewindow in alerts.json
#729
AlyaGomaa
opened
21 hours ago
1
add pre-commit action to our CI to run unit tests
#728
AlyaGomaa
opened
21 hours ago
0
arp poison attackers as a response for attacks before they reach the rest of the network
#727
AlyaGomaa
opened
21 hours ago
0
check if we can move from sqlite to another db in the next big version
#726
AlyaGomaa
opened
21 hours ago
0
Write better documentation on how to use the mlflow module, and video examples on how to retrain it on your traffic
#725
AlyaGomaa
opened
21 hours ago
0
add this to our zeek scripts https://github.com/keithjjones/zeek-njrat-detector
#724
AlyaGomaa
opened
21 hours ago
0
Add to the documentation what we do when 2 ips appear in 2 different threat levels. E.g. max threat lvl, all tags, all sources etc.
#723
AlyaGomaa
opened
21 hours ago
0
Add JA4+ to slips
#722
AlyaGomaa
opened
21 hours ago
1
Reduce false positives in entropy of domains by finding a better threshold. 5.1 instead of 5 can work. check
#721
AlyaGomaa
opened
21 hours ago
0
output.py should take care of logging evidence to alerts.log, not evidence.py
#720
AlyaGomaa
opened
21 hours ago
0
Detect legitimate remote access tools like teamviewer
#719
AlyaGomaa
opened
21 hours ago
0
Decrease the size of slips docker by deleting kalipso and nodejs
#718
AlyaGomaa
opened
21 hours ago
1
see how we can auto update slips version in the README using the VERSION file
#717
AlyaGomaa
opened
21 hours ago
0