v1.0.12

• Add an option to specify the current client IP in slips.conf to help avoid false positives.
• Better handling of URLhaus threat intelligence.
• Change how slips determines the local network of the current client IP.
• Fix issues with the progress bar.
• Fix problem logging alerts and errors to alerts.log and erros.log.
• Fix problem reporting evidence to other peers.
• Fix problem starting the web interface.
• Fix whitelists.
• Improve how the evidence for young domain detections is set.
• Remove the description of blacklisted IPs from the evidence description and add the source TI feed instead.
• Set evidence to all young domain IPs when a connection to a young domain is found.
• Set two evidence in some detections e.g. when the source address connects to a blacklisted IP, evidence is set for both.
• Use blacklist name instead of IP description in all evidence.
• Use the latest Redis and NodeJS version in all docker images.

v1.0.11

• Improve the logging of evidence in alerts.json and alerts.log.
• Optimize the storing of evidence in the Redis database.
• Fix problem of missing evidence, now all evidence is logged correctly.
• Fix problem adding flows to incorrect time windows.
• Fix problem setting SSH version changing evidence.
• Fix problem closing Redis ports using -k.
• Fix problem closing the progress bar.
• Fix problem releasing the terminal when Slips is done.

v1.0.10

• Faster ensembling of evidence.
• Log accumulated threat levels of each evidence in alerts.json.
• Better handling of the termination of the progress bar.
• Re-add support for tensorflow to the dockers for macOS M1 and macOS M1 P2P.
• Fix problem setting 'vertical portscan' evidence detected by Zeek.
• Fix unable to do RDAP lookups
• Fix stopping Slips daemon.

v1.0.9

• Fix using -k to kill opened Redis servers.
• Better README and docs.
• Improve URLhaus detections.
• Improve the detection of vertical and horizontal portscans.
• Unify disabled module names printed in the CLI.
• Set the threat level reported to other peers to the max of threat levels seen in any time window.
• Faster detections of devices changing IPs.
• Remove the home_network feature from Slips.
• Faster detection of alerts.
• Fix the problem of not using 'command and control channel' evidence in the alert of each profile.

v1.0.8

• Use All-ID hash to fingerprint flows stored in the flows database.
• Increase the weight of port scan alerts by increasing its threat level.
• Fix false positive port scan alerts.
• Add an option in slips.conf to wait for the update manager to update all TI feeds before starting Slips to avoid missing any blacklisted IPs evidence.
• Fix error detecting password guessing.
• Fix issues reading all flows when running on a low-spec device.
• Improve the stopping of slips and termination of processes.
• Improve the progress bar.
• Fix reading flows from stdin.
• Better code, logs, and unit tests.

v1.0.7

• CPU and memory profilers thanks to @danieltherealyang
• Check DNS queries and answers for whitelisted IPs and domains.
• Add AID flow hash to all conn.log flows, which is a combination of community_id and the flow's timestamp.
• SQLite database improvements and better error handling.
• Add support for exporting Slips alerts to a SQLite database .

v1.0.6

• Store flows in SQLite database in the output directory instead of Redis.
• 55% RAM usage decrease.
• Support the labeling of flows based on Slips detections.
• Add support for exporting labeled flows in JSON and tsv formats.
• Code improvements. Change the structure of all modules.
• Graceful shutdown of all modules thanks to @danieltherealyang
• Print the number of evidence generated by Slips when running on PCAPs and interface.
• Improved the detection of ports that belong to a specific organization.
• Fix bugs in CYST module.
• Fix URLhaus evidence description.
• Fix the freezing progress bar issue.
• Fix problem starting Slips in docker in Linux.
• Ignore ICMP scans if the flow has ICMP type 3
• Improve our whitelist. Slips now checks for whitelisted attackers and victims in the generated evidence.
• Add embedded documentation in the web interface thanks to @shubhangi013
• Improved the choosing of random Redis ports using the -m parameter.

v1.0.5

• Fix missing flows due to modules stopping before the processing is done.
• Code improvements. Change the structure of all modules.
• Fix how we detect vertical and horizontal port scans.
• Update the whitelist by adding all the IPs of whitelisted domains.
• Fixed error whitelisting Unencrypted HTTP traffic.
• Remove the feature of creating log directories using -l, now the only logs Slips generates are stored in the output/ directory.
• Added support for reading flows from any module, not just the input process, using --input-module.
• CYST module improvements.
• Detect invalid DNS answers when querying ad servers. thanks to @ganesh-dagadi .
• Update Slips known ports.
• Prevent model.bin and scaler.bin from changing in test mode. thanks to @haleelsada.
• Use either 'ip neigh show' or 'arp -an' to get gateway MAC from the host's ARP table. thanks to @naturalnetworks.

v1.0.4

• Add more descriptive titles to VT scores in the web UI thanks to @shubhangi.
• Add stratoletters documentation, thanks to @haleelsada.
• Add the detection of GRE tunnels.
• Auto publish our MacOS Docker image when there's a new release, thanks to @pjflux2001
• Detect malicious JARM hashes when there's a C&C alert and add our own malicious JARM hashes TI file.
• Fix error getting IP confidence in P2P module.
• Fix false positive alerts about "connection to private IP" thanks to @Onyx2406.
• Fix problem killing all modules before the TI module stops.
• Fix problem detecting vertical and horizontal port scans.
• Improved CLI progress bar and status updates.
• Keep a history of the past user-agents by @haleelsada.
• More descriptive evidence.
• Refactor code thanks to @danieltherealyang.
• Update Slips default whitelist.
• Web UI highlighting, new icons, and bug fixes.

v1.0.3

• Add HTTP unencrypted traffic detection by @haleelsada
• use termcolor by @haleelsada
• Instead of dos detection. slips is now detecting all executables thanks to @Onyx2406
• Updated the docs for contributing
• Fix Leak detector errors when a different version of YARA is used.
• fix problem with counting the number of flows to be processed in the progress bar
• Remove debugging prints printed by the whois python library to stderr