Slips v1.1.6 #1208

AlyaGomaa · 2025-01-31T16:06:56Z

3x speedup of the profiler process responsible for analyzing the given flows.
Fix false positive "connection without DNS" detection.
Fix false positive "DNS without connection" detection.
Fix problem parsing Suricata DNS flows.
Fix problem using threat intelligence feeds from cache even if they are not present in the given config file.
Fix regex warning when starting Slips. Special thanks to @Sekhar-Kumar-Dash.
Fix Tranco whitelists.
Improve "Incompatible CN" detection.
Improve "Invalid DNS answer" detection.
Improve unit tests. Special thanks to @Sekhar-Kumar-Dash.
Improve whitelisting by checking if the SNI of each evidence is whitelisted or not.
Update the license used.

Bumps [six](https://github.com/benjaminp/six) from 1.16.0 to 1.17.0. - [Changelog](https://github.com/benjaminp/six/blob/main/CHANGES) - [Commits](benjaminp/six@1.16.0...1.17.0) --- updated-dependencies: - dependency-name: six dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [redis](https://github.com/redis/redis-py) from 5.1.1 to 5.2.1. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v5.1.1...v5.2.1) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…develop/six-1.17.0 build(deps): bump six from 1.16.0 to 1.17.0 in /install

…develop/redis-5.2.1 build(deps): bump redis from 5.1.1 to 5.2.1 in /install

…r evidence to be able to check if it's whitelisted

…toring them in the db

…to google.com"

…ject field, not the issuer field.

…ix_whitelists

…vidence

Fix reading tranco whitelist and support checking attacker and victim SNIs for whitelisted domains

…s_when_-w_is_given Fix clearing zeek files from the database when the web interface is started using -w

Sekhar-Kumar-Dash and others added 30 commits August 9, 2024 14:51

added test_idea_format.py

179a26f

Updated idea_format.py

1603221

Updated CI-staging.yml

aa76d14

Updated CI-production-testing.yml

879d26a

Created a unittest for rnn_detection_cc.py

f9b8e36

Updated module_factory.py

a921578

Updated CI-production-testing.yml

ea753fd

Updated CI-staging.yml

941be88

Updated CI-production-testing.yml

9c7780f

Rename test_rnn_detection_cc.py to test_rnn_cc_detection.py

0ff86ea

Created unittest metadatamanager.py

421c36b

Updated module_factory.py

ae11bf5

Updated CI-production-testing.yml

a25016f

Updated CI-staging.yml

d3f2ca2

Update test_metadata_manager.py

2487373

Updated module_factory.py

8ceeca6

Created unittest for process_manager.py

93717f2

Updated module_factory.py

85ca8d4

Updated CI-production-testing.yml

eed0c95

Updated CI-staging.yml

6e53fff

Merge pull request #1135 from stratosphereips/dependabot/pip/install/…

c3ec132

…develop/six-1.17.0 build(deps): bump six from 1.16.0 to 1.17.0 in /install

Merge pull request #1137 from stratosphereips/dependabot/pip/install/…

c4baa3c

…develop/redis-5.2.1 build(deps): bump redis from 5.1.1 to 5.2.1 in /install

Created unittest for process_manager.py

e0a62d2

Updated module_factory.py

196b98c

update branch with the latest develop

4c7f5ed

test_process_manager.py: update unit tests

5931930

unit-tests.yml: run test_process_manager.py in CI

c169bec

Created unittest metadatamanager.py

aa35df9

AlyaGomaa added 29 commits January 29, 2025 22:39

rename evidencehanlder.py to evidencr_handler.py

929e816

set_evidence: Add the flow query as a victim to the invalid_dns_answe…

d7bb19d

…r evidence to be able to check if it's whitelisted

db: delete the old tranco whitelist before storing the new one

5953a75

update_manager: remove extra \n at the end of tranco domains before s…

b5537b7

…toring them in the db

whitelist: check the SNI of attackers and victims of every evidence

ec875fa

test_set_evidence.py: fix invalid_dns_answer unit test

428c308

test_zeek_dataset.py: dont check for Multiple empty HTTP connections …

422759b

…to google.com"

ssl.py: In the "Incompatible CN" detection, check the CN from the sub…

57dacf7

…ject field, not the issuer field.

update test_detect_incompatible_cn unit test

ec2c146

Merge remote-tracking branch 'origin/alya/fix_whitelists' into alya/f…

1357131

…ix_whitelists

update test15 integration test

7082563

uncomment the rest of zeek integration tests

2584110

fix zeek integration tests

f2d5a35

fix test_set_evidence.py unit tests

6244dd5

pytest: suppress tensorflow warnings and errors

f57b46d

test_zeek_dataset.py: the JA3 evidence description of test15

06ad5e7

test_zeek_dataset.py: fix test9 integration test

2631b35

test9: change the server name in order to detect the malicious ja3s e…

040743c

…vidence

upgrade actions/upload-artifact to v4

55e7712

Merge pull request #1195 from stratosphereips/alya/fix_whitelists

8f7c485

Fix reading tranco whitelist and support checking attacker and victim SNIs for whitelisted domains

update changelog and docs

5787a21

daemon: support kwargs in print() for backwards compatibility

f7fd756

db: dont delete zeekfiles if flush_db isn't set to True

9bb30e0

ui_manager: print the PID of the web interface when it starts

bbc140b

Make it optional to create logfiles when creating Output obj

76e4c0d

input.py: fix problem getting zeek files

afc7837

bump slips version to 1.1.6

c466e9b

update slips.gif

4e2ca11

Merge pull request #1207 from stratosphereips/alya/fix-analyzing_flow…

7b847cd

…s_when_-w_is_given Fix clearing zeek files from the database when the web interface is started using -w

AlyaGomaa merged commit 8596c9a into master Jan 31, 2025
64 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Slips v1.1.6 #1208

Slips v1.1.6 #1208

AlyaGomaa commented Jan 31, 2025

Slips v1.1.6 #1208

Slips v1.1.6 #1208

Conversation

AlyaGomaa commented Jan 31, 2025