stratosphereips / StratosphereLinuxIPS
Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.
Other | 712 stars | 176 forks
Issue | Title | Author | State | Time | Comments
#1078 | check why fides module doesn't stop on ctrl+c | AlyaGomaa | opened | 9 hours ago | 0
#1077 | Make fides module only start on interface | AlyaGomaa | closed | 9 hours ago | 0
#1076 | move the tests at webinterface/tests/redis_tests.py to the tests/ dir and run them using CI | AlyaGomaa | opened | 1 day ago | 0
#1075 | problem changing the redis database from the web interface, it's always displaying the same db (the last one opened) | AlyaGomaa | opened | 1 day ago | 0
#1074 | we have ResolvedDomains, DNSresolution and DomainsResolved keys in the redis db. why? | AlyaGomaa | opened | 3 days ago | 0
#1073 | Fides Module | d-strat | opened | 3 days ago | 0
#1072 | Use more descriptive db key names | AlyaGomaa | opened | 3 days ago | 0
#1071 | host_ip_manager.py: use the host's ipv6 if ipv4 isn't available | AlyaGomaa | closed | 3 days ago | 0
#1070 | Is slips now detecting the ipv6 of a computer that doesn't have ipv4? | AlyaGomaa | closed | 3 days ago | 1
#1069 | improve inbound traffic detection in timeline.py | AlyaGomaa | closed | 3 days ago | 0
#1068 | Add known FP MD5 hashes list at https://github.com/Neo23x0/ti-falsepositives to threat intel module | AlyaGomaa | closed | 4 days ago | 0
#1067 | use whois.validTlds() instead of hardcoded valid tlds | AlyaGomaa | closed | 4 days ago | 0
#1066 | ipsum TI feed blacklisting slack domains | AlyaGomaa | closed | 4 days ago | 1
#1065 | Fix domain resolved with no conn FP and datetime errors | AlyaGomaa | closed | 1 week ago | 0
#1064 | dns.py: check for whitelisted whitelist dst domains when detecting DGA | AlyaGomaa | closed | 1 week ago | 0
#1063 | Slips is alerting “domain resolved with no connection” as soon as slips starts running on an interface, it should wait 30 minutes before the first alert of this type in case the connection was done in the past and is still not logged yet | AlyaGomaa | closed | 1 week ago | 1
#1062 | Make sure all lists in slips.yaml are of type list instead of str | AlyaGomaa | opened | 1 week ago | 0
#1061 | Spamhaus lookups are detected as "possible DGA" in Slips | AlyaGomaa | closed | 1 week ago | 1
#1060 | Milestone 1:asdfasdf | eldraco | closed | 3 days ago | 0
#1059 | build(deps): bump actions/cache from 3 to 4 | dependabot[bot] | closed | 1 week ago | 0
#1058 | Add a light docker image | AlyaGomaa | closed | 2 weeks ago | 0
#1057 | build(deps): bump watchdog from 5.0.0 to 6.0.0 in /install | dependabot[bot] | opened | 2 weeks ago | 0
#1056 | CI: cache zeek builds | AlyaGomaa | closed | 2 weeks ago | 0
#1055 | Slips v1.1.3 | AlyaGomaa | closed | 3 weeks ago | 0
#1054 | use on demand imports for profilers | AlyaGomaa | closed | 2 weeks ago | 0
#1053 | remove tqdm, setuptools, wheel and colorama from requirements.txt | AlyaGomaa | closed | 3 weeks ago | 0
#1052 | import viztracer and memray on demand when profiling | AlyaGomaa | closed | 2 weeks ago | 0
#1051 | Add support for a light slips docker image, with no ML modules, no dataset/ dir, no p2p, web or kalipso. | AlyaGomaa | closed | 1 week ago | 1
#1050 | fix a readme typo | wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf | closed | 2 weeks ago | 2
#1049 | use the current client/host ip for detecting inbound traffic in is_inbound_traffic() in timeline.py | AlyaGomaa | closed | 3 days ago | 1
#1048 | Fix deleting arp periodically | AlyaGomaa | closed | 4 weeks ago | 0
#1047 | build(deps): bump tensorflow from 2.16.1 to 2.18.0 in /install | dependabot[bot] | opened | 4 weeks ago | 0
#1046 | build(deps): bump watchdog from 5.0.0 to 5.0.3 in /install | dependabot[bot] | closed | 2 weeks ago | 1
#1045 | Circllu improvements | AlyaGomaa | closed | 4 weeks ago | 0
#1044 | fix evidence not counting for the correct profile | AlyaGomaa | closed | 1 month ago | 2
#1043 | the accumulated threat levels doesn't keep increasing as long as there's no alert in a given timewindow as it's supposed to | AlyaGomaa | closed | 1 month ago | 1
#1042 | build(deps): bump protobuf from 4.25.3 to 5.28.3 in /install | dependabot[bot] | opened | 1 month ago | 0
#1041 | Why is circl.lu score 0.5 converted to info threat level in slips | AlyaGomaa | closed | 4 weeks ago | 1
#1040 | Document circllu computation of threat levels, aka what happens here calculate_threat_level() | AlyaGomaa | closed | 4 weeks ago | 0
#1039 | Check why some evidence in alerts.log had an extra \n at the end. | AlyaGomaa | opened | 1 month ago | 0
#1038 | In the docs we say slips has 4 threat levels, but in the table they're 5 | AlyaGomaa | closed | 4 weeks ago | 0
#1037 | document how the stop msgs are happening | AlyaGomaa | closed | 4 weeks ago | 0
#1036 | build(deps): bump urllib3 from 2.2.2 to 2.2.3 in /install | dependabot[bot] | closed | 4 weeks ago | 0
#1035 | build(deps): bump pre-commit from 3.8.0 to 4.0.1 in /install | dependabot[bot] | closed | 1 month ago | 0
#1034 | Better logging of IDMEF errors and normalize the confidence of all evidence to range from 0 to 1 | AlyaGomaa | closed | 1 month ago | 0
#1033 | Problem logging errors from IDMEFv2 file | AlyaGomaa | closed | 1 month ago | 1
#1032 | Print more info | AlyaGomaa | closed | 1 month ago | 0
#1031 | Update the docs of portscans (specifically horizontal) to say that we ignore the resolved IPs | AlyaGomaa | closed | 4 weeks ago | 0
#1030 | Rename this key 'DstPortsClientTCPNot Established' used in the horizontal portscan to something that states that these are “resolved_ips” | AlyaGomaa | opened | 1 month ago | 0
#1029 | Print more info in the CLI like, host ip, used network if recognized, used slips threshold, used twid width, etc. Use colors too. | AlyaGomaa | closed | 1 month ago | 0