ipsum TI feed blacklisting slack domains

stratosphereips / StratosphereLinuxIPS

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Other

712 stars 176 forks source link

ipsum TI feed blacklisting slack domains #1066

Closed AlyaGomaa closed 3 days ago

AlyaGomaa commented 1 week ago

2024-11-14T16:00:55.948150+02:00 (TW 1): Src IP 192.168.100.12 . Detected DNS answer with a blacklisted IP: 3.67.35.217 for query: edgeapi.slack.com Description: 1 Source: ipsum.txt. threat level: medium. IP 3.67.35.217 SNI: edgeapi.slack.com, appears in blacklist: ipsum.txt.

AlyaGomaa commented 3 days ago

they fixed it in the latest version https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt