stratosphereips / StratosphereLinuxIPS

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Zeek has a warning in Slips v1.1 #885

Status: Closed (eldraco closed this 3 months ago)

eldraco commented 4 months ago

Describe the bug

When running Slips, Zeek says:

/opt/zeek/share/zeek/policy/tuning/defaults/__load__.zeek, line 1: deprecated script loaded from 
/StratosphereLinuxIPS/zeek-scripts/__load__.zeek:25 "Remove in v7.1 The policy/tuning/defaults package is 
deprecated. The options set here are now the defaults for Zeek in general.";'

To Reproduce

Steps to reproduce the behavior:

  1. Go to branch develop
  2. Run slips normally

Branch: develop
Commit: 2e2ce5b9d94f5ff2056a936483bc896205e2378f
Command: ./slips.py -f dataset/test-cc/test-cc-capture-2.pcap -e 1


patel-lay commented 4 months ago

Faced the same error in the ubuntu-image build while testing dataset7-malicious.pcap. @eldraco, did you just face the warning? In my case it didn't read anything.

eldraco commented 4 months ago

Yes, it's the same file, datasets/dataset7-malicious.pcap, in Slips v1.1 in Docker on macOS M1. I have the warning, but data and evidence are still generated.

root@0b20bacb5262:/StratosphereLinuxIPS# ./slips.py -e 1 -f dataset/test7-malicious.pcap
[Main] Starting redis cache database..
Slips. Version 1.1
 (2e2ce5b9)
https://stratosphereips.org
---------------------------
[Main] Using redis server on port: 6379
Started Main process [PID 213]
Started PBar process [PID 236]
Starting modules
        Starting the module ARP (Detect ARP attacks) [PID 254]
        Starting the module Flow Alerts (Alerts about flows: long connection, successful ssh, password guessing, self-signed certificate, data exfiltration, etc.) [PID 256]
        Starting the module Flow ML Detection (Train or test a Machine Learning model to detect malicious flows) [PID 258]
        Starting the module HTTP Analyzer (Analyze HTTP flows) [PID 259]
        Starting the module IP Info (Get different info about an IP/MAC address) [PID 260]
        Starting the module Network Discovery (Detect Horizonal, Vertical Port scans, ICMP, and DHCP scans) [PID 261]
        Starting the module Risk IQ (Module to get passive DNS info about IPs from RiskIQ) [PID 262]
        Starting the module RNN C&C Detection (Detect C&C channels based on behavioral letters) [PID 263]
        Starting the module Threat Intelligence (Check if the source IP or destination IP are in a malicious list of IPs) [PID 281]
        Starting the module Timeline (Creates kalipso timeline of what happened in the network based on flows and available data) [PID 283]
        Starting the module Update Manager (Update Threat Intelligence files) [PID 284]
        Starting the module Virustotal (IP, domain and file hash lookup on Virustotal) [PID 285]
WARNING:absl:Compiled the loaded model, but the compiled metrics have yet to be built. `model.compile_metrics` will be empty until you train or evaluate the model.
---------------------------
[Main] Disabled Modules: ['template', 'ensembling', 'exporting_alerts', 'p2ptrust', 'cesnet', 'blocking', 'leak_detector', 'cyst']
[Evidence] Storing Slips logs in output/test7-malicious.pcap_2024-08-04_23:53:52/
Started Evidence Process [PID 286]
Started Profiler Process [PID 287]
[Main] Metadata added to output/test7-malicious.pcap_2024-08-04_23:53:52/metadata
Started Input Process [PID 288]
[Input] Storing zeek log files in output/test7-malicious.pcap_2024-08-04_23:53:52/zeek_files
[Main] Warning: Slips may generate a large amount of traffic by querying TI sites.
[Input] Zeek error. return code: 0 error:b'warning in /opt/zeek/share/zeek/policy/tuning/defaults/__load__.zeek, line 1: deprecated script loaded from /StratosphereLinuxIPS/zeek-scripts/__load__.zeek:25 "Remove in v7.1 The policy/tuning/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";'
[Input] We read everything. No more input. Stopping input process. Sent 541 linest 1 hr: 4. (2024/08/04 23:54:31))
[Input] Stopping. Total lines read: 541
[Main] nalyzed IPs so far: 17. Evidence Added: 27. IPs sending traffic in the last 1 hr: 0. (2024/08/04 23:54:36)
---------------------------
[Main] Stopping Slips
[Main] Analysis of dataset/test7-malicious.pcap finished in 0.71 minutes
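As an added illustration (not code from Slips or from this thread): the Input process above reports Zeek's stderr as a "Zeek error" even though the return code is 0 and the text is only a deprecation warning. The parser below splits Zeek's `<severity> in <file>, line <n>: <message>` diagnostics and combines them with the return code to decide between ok, warning and error; the recognised severity prefixes and the sample stderr bytes are assumptions taken from the log shown here.

```python
import re
from typing import List, NamedTuple

# Zeek writes diagnostics to stderr as "<severity> in <file>, line <n>: <message>"
# (the shape visible in the issue log). The set of prefixes is an assumption.
_DIAG_RE = re.compile(
    r'^(?P<severity>warning|(?:fatal |internal )?error) in '
    r'(?P<path>[^,]+), line (?P<line>\d+): (?P<msg>.*)$',
    re.MULTILINE,
)


class ZeekDiagnostic(NamedTuple):
    severity: str
    path: str
    line: int
    message: str


def parse_zeek_stderr(stderr: bytes) -> List[ZeekDiagnostic]:
    """Split Zeek's raw stderr buffer into structured diagnostics."""
    text = stderr.decode("utf-8", errors="replace")
    return [
        ZeekDiagnostic(m["severity"], m["path"], int(m["line"]), m["msg"].strip())
        for m in _DIAG_RE.finditer(text)
    ]


def classify_zeek_run(returncode: int, stderr: bytes) -> str:
    """Return 'ok', 'warning' or 'error' for a finished Zeek run.

    A non-zero return code, or any diagnostic whose severity is not
    'warning', is an error; warnings alone (return code 0) are not.
    """
    diags = parse_zeek_stderr(stderr)
    if returncode != 0 or any(d.severity != "warning" for d in diags):
        return "error"
    return "warning" if diags else "ok"


# Constructed sample: the stderr bytes reported in this issue (return code was 0).
SAMPLE_STDERR = (
    b'warning in /opt/zeek/share/zeek/policy/tuning/defaults/__load__.zeek, line 1: '
    b'deprecated script loaded from /StratosphereLinuxIPS/zeek-scripts/__load__.zeek:25 '
    b'"Remove in v7.1 The policy/tuning/defaults package is deprecated. '
    b'The options set here are now the defaults for Zeek in general.";'
)

if __name__ == "__main__":
    print(classify_zeek_run(0, SAMPLE_STDERR))  # → warning
    for d in parse_zeek_stderr(SAMPLE_STDERR):
        print(f"{d.severity}: {d.path}:{d.line}: {d.message[:60]}...")
```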

AlyaGomaa commented 4 months ago

I can confirm this is happening in the latest Ubuntu image, and Slips is generating evidence normally, but it is not happening locally in Linux.

AlyaGomaa commented 3 months ago

Fixed here: #887