Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.
Why is circl.lu score 0.5 converted to info threat level in slips #1041
Sometimes it's converted to "high", from CTU-Malware-Capture-Botnet-219-2/Day1:
```json
{
  "Version": "2.0.3",
  "Analyzer": {
    "IP": "0.0.0.0",
    "Name": "Slips",
    "Model": "1.1.2",
    "Category": ["NIDS"],
    "Data": ["Flow", "Network"],
    "Method": ["Heuristic"]
  },
  "Status": "Event",
  "ID": "29eb469f-49da-47ef-a2d4-256b821be75c",
  "Severity": "High",
  "StartTime": "1970-01-01T00:35:52.996177+00:00",
  "CreateTime": "2024-10-08T17:21:37.801464+00:00",
  "Confidence": 0.5,
  "Description": "Malicious downloaded file 9377838b0621b6eb6018b244586af2f9. size: 166 from IP: 192.168.1.113. Detected by: VirusShare, circl.lu. Score: 0.5. threat level: high.",
  "Source": [
    {
      "IP": "73.217.118.205",
      "Note": "{\"AS\": {\"org\": \"COMCAST-7922, US\", \"number\": \"AS7922\"}, \"rDNS\": \"c-73-217-118-205.hsd1.co.comcast.net\"}",
      "TI": ["PBL ISP Maintained, spamhaus"]
    }
  ],
  "RelID": ["ec7dd838-6836-49f2-86d7-00078b88a5e8"],
  "Note": "{\"uids\": [\"C8Lb8sI1CNBPmxu8b\"], \"accumulated_threat_level\": 0.4, \"threat_level\": \"high\", \"timewindow\": 1}"
}
```
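As an added triage helper (example code, not part of Slips), the following Python decodes the alert pasted above, including the JSON documents that Slips stores as strings inside the top-level and per-Source `Note` fields, and cross-checks the threat level that appears in three places of one alert (`Description`, `Severity`, `Note.threat_level`) so that a score-to-level mismatch like the one asked about here can be spotted automatically across an alerts file. The regex for the `Score: ... threat level: ...` text is an assumption based only on the Description shown in this issue.

```python
import json
import re

# The alert pasted in this issue (Slips evidence in IDEA format), embedded here
# as the sample input so the check runs offline.
ALERT_JSON = r'''{"Version": "2.0.3", "Analyzer": {"IP": "0.0.0.0", "Name": "Slips",
"Model": "1.1.2", "Category": ["NIDS"], "Data": ["Flow", "Network"],
"Method": ["Heuristic"]}, "Status": "Event",
"ID": "29eb469f-49da-47ef-a2d4-256b821be75c", "Severity": "High",
"StartTime": "1970-01-01T00:35:52.996177+00:00",
"CreateTime": "2024-10-08T17:21:37.801464+00:00", "Confidence": 0.5,
"Description": "Malicious downloaded file 9377838b0621b6eb6018b244586af2f9. size: 166 from IP: 192.168.1.113. Detected by: VirusShare, circl.lu. Score: 0.5. threat level: high.",
"Source": [{"IP": "73.217.118.205", "Note": "{\"AS\": {\"org\": \"COMCAST-7922, US\", \"number\": \"AS7922\"}, \"rDNS\": \"c-73-217-118-205.hsd1.co.comcast.net\"}", "TI": ["PBL ISP Maintained, spamhaus"]}],
"RelID": ["ec7dd838-6836-49f2-86d7-00078b88a5e8"],
"Note": "{\"uids\": [\"C8Lb8sI1CNBPmxu8b\"], \"accumulated_threat_level\": 0.4, \"threat_level\": \"high\", \"timewindow\": 1}"}'''

# Assumed pattern for the "Score: 0.5. threat level: high." text in Description.
DESC_RE = re.compile(r"Score: ([0-9.]+)\. threat level: (\w+)\.")


def parse_alert(raw: str) -> dict:
    """Decode the alert; the top-level and per-Source "Note" fields are JSON
    documents stored as strings, so decode those a second time."""
    alert = json.loads(raw)
    if isinstance(alert.get("Note"), str):
        alert["Note"] = json.loads(alert["Note"])
    for src in alert.get("Source", []):
        if isinstance(src.get("Note"), str):
            src["Note"] = json.loads(src["Note"])
    return alert


def check_threat_level(alert: dict) -> dict:
    """Extract the threat level stated in Description, Severity and
    Note.threat_level and report whether the three agree; a disagreement is
    the kind of score-to-level mismatch this issue asks about."""
    m = DESC_RE.search(alert.get("Description", ""))
    score = float(m.group(1)) if m else None
    desc_level = m.group(2).lower() if m else None
    note_level = str(alert.get("Note", {}).get("threat_level", "")).lower()
    severity = str(alert.get("Severity", "")).lower()
    return {
        "score": score,
        "confidence": alert.get("Confidence"),
        "description_level": desc_level,
        "note_level": note_level,
        "severity": severity,
        "consistent": desc_level is not None and desc_level == note_level == severity,
    }
```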