When detecting connections to unknown ports, instead of established, check that the state is one of the following

stratosphereips / StratosphereLinuxIPS

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Other

685 stars 164 forks source link

When detecting connections to unknown ports, instead of established, check that the state is one of the following #692

Open AlyaGomaa opened 1 month ago

AlyaGomaa commented 1 month ago

Created by Alya Gomaa via monday.com integration. 🎉

AlyaGomaa commented 1 month ago

S0 (threat level = low)

S1 (threat level = critical)

SF (threat level = critical)

S2 (threat level = medium)

S3 (threat level = medium)

RSTO (threat level = high)

RSTR (threat level = high)

If it was established, it should have more threat level