Releases: stratosphereips/StratosphereLinuxIPS

v1.1.17

30 Jan 21:29

  • Expand Immune dataset documentation with performance evaluations and bottleneck analysis.
  • Improve horizontal, vertical, and ICMP portscan detection logic and speed.
  • Improve handling of high-throughput traffic.
  • Optimize profiler architecture: backpressure, dynamic worker scaling, true multiprocessing.
  • Reduce false positives for "public IPs outside of localnet" evidence.
  • Reduce the amount of duplicate port scan evidence by using a log scale.
  • Speed up GitHub CI testing.
  • Speed up Slips processing and reduce RAM usage.
  • Suppress duplicate “unknown port” evidence for every scanned port when a portscan is detected.
  • Fix the evidence button in the Web UI.

v1.1.16

01 Dec 15:29

  • Add an alerts visualiser web interface for TAXII servers.
  • Change the usage of the -g option; now Slips requires the interface name to monitor when using -g.
  • Drop support for the dynamic reloading of the whitelist.
  • Evidence handler and whitelist speedup by using bloom filters.
  • Fix false positive evidence on connection to IP outside local network when the IP is multicast.
  • Fix P2P unable to connect to the Redis database when using -m.
  • Fix problem reporting evidence when Slips is monitoring one interface.
  • Handle Slips and iptables failovers when running Slips as an access point in the Raspberry Pi.

v1.1.15

31 Oct 12:40
7e71c0a

  • Support monitoring two interfaces when Slips is running as an access point.
  • Improve running Slips on a growing Zeek directory (using -g): Slips can now detect the used interface, host IP and gateway IP.

v1.1.14

14 Oct 12:29
3781499

  • Security Patch for CVE-2025-49844: Force use of Redis version 8.2.2

v1.1.13

01 Sep 18:26
dcd77a1

  • Add detection for DNS answers of malicious DNS queries.
  • Add support for Zeek v8.0.0.
  • Speed up evidence processing in Slips.
  • Update Python dependencies.

v1.1.12

31 Jul 21:12
5f0e143

  • Better filtering of attacks in the ARP poisoner filter.
  • Cache ARP scan results to avoid flooding the network with ARP packets.
  • Exclude poisoning the gateway using the ARP poisoner.
  • Increase the delay between ARP poisoning attempts to avoid flooding the network.
  • Local P2P trust model improvements.

v1.1.11

03 Jul 12:59
99fbbc1

  • Fix the local P2P trust model.
  • Fix SQLite cursor errors.
  • Avoid setting an alert about Slips' own IP and other Slips peers when ARP poisoning attackers.

v1.1.10

26 May 12:08
31e689d

  • Add support for unblocking attackers using iptables after a probation period.
  • Add support for blocking attackers using ARP poisoning.
  • Improve how the gateway IP and MAC are detected.
  • Support running Slips as an AP to block attackers in the RPI.

v1.1.9

30 Apr 12:00
bfd402b

  • Add bootstrapping node mode for the global P2P. Thanks to @d-strat
  • Add support for ARM64 architecture in Docker images.
  • Fix issues getting domain registrants.
  • Fix the "Database is locked" SQLite error.
  • Fix the issue of Slips hanging when shutting down.
  • Ignore URLs when found in threat intelligence feeds.
  • Improve handling of Zeek tab-separated log files. Logs from old Zeek versions are now read correctly.
  • Optimize IP Info module.
  • Print flows processed per minute in the stats printed to the CLI.
  • Support reading labeled Zeek logs and using their labels in Slips modules.

v1.1.8

31 Mar 16:55
84cbbda

  • Fix SQLite database errors.
  • Fix CPU and RAM profilers.
  • Fix the issue with AsyncModules not shutting down gracefully.