v1.0.14

• Improve whitelists by better matching of ASNs, domains, and organizations.
• Whitelist Microsoft, Apple, Twitter, Facebook, and Google alerts by default to reduce false positives.
• Better unit tests. Thanks to @Sekhar-Kumar-Dash
• Speed up port scan detections.
• Fix the issue of overwriting Redis configuration file every run.
• Add more info to metadata/info.txt for each run.

v1.0.13

• Whitelist alerts to all organizations by default to reduce false positives.
• Improve and compress Slips Docker images.
• Improve CI and add pre-commit hooks.
• Fix problem reporting victims in alerts.json.
• Better docs for the threat intelligence module.
• Improve whitelists.
• Better detection threshold to reduce false positives.
• Better unit tests.
• Fix problems stopping the daemon.

v1.0.12

• Add an option to specify the current client IP in slips.conf to help avoid false positives.
• Better handling of URLhaus threat intelligence.
• Change how slips determines the local network of the current client IP.
• Fix issues with the progress bar.
• Fix problem logging alerts and errors to alerts.log and erros.log.
• Fix problem reporting evidence to other peers.
• Fix problem starting the web interface.
• Fix whitelists.
• Improve how the evidence for young domain detections is set.
• Remove the description of blacklisted IPs from the evidence description and add the source TI feed instead.
• Set evidence to all young domain IPs when a connection to a young domain is found.
• Set two evidence in some detections e.g. when the source address connects to a blacklisted IP, evidence is set for both.
• Use blacklist name instead of IP description in all evidence.
• Use the latest Redis and NodeJS version in all docker images.

v1.0.11

• Improve the logging of evidence in alerts.json and alerts.log.
• Optimize the storing of evidence in the Redis database.
• Fix problem of missing evidence, now all evidence is logged correctly.
• Fix problem adding flows to incorrect time windows.
• Fix problem setting SSH version changing evidence.
• Fix problem closing Redis ports using -k.
• Fix problem closing the progress bar.
• Fix problem releasing the terminal when Slips is done.

v1.0.10

• Faster ensembling of evidence.
• Log accumulated threat levels of each evidence in alerts.json.
• Better handling of the termination of the progress bar.
• Re-add support for tensorflow to the dockers for macOS M1 and macOS M1 P2P.
• Fix problem setting 'vertical portscan' evidence detected by Zeek.
• Fix unable to do RDAP lookups
• Fix stopping Slips daemon.

v1.0.9

• Fix using -k to kill opened Redis servers.
• Better README and docs.
• Improve URLhaus detections.
• Improve the detection of vertical and horizontal portscans.
• Unify disabled module names printed in the CLI.
• Set the threat level reported to other peers to the max of threat levels seen in any time window.
• Faster detections of devices changing IPs.
• Remove the home_network feature from Slips.
• Faster detection of alerts.
• Fix the problem of not using 'command and control channel' evidence in the alert of each profile.

v1.0.8

• Use All-ID hash to fingerprint flows stored in the flows database.
• Increase the weight of port scan alerts by increasing its threat level.
• Fix false positive port scan alerts.
• Add an option in slips.conf to wait for the update manager to update all TI feeds before starting Slips to avoid missing any blacklisted IPs evidence.
• Fix error detecting password guessing.
• Fix issues reading all flows when running on a low-spec device.
• Improve the stopping of slips and termination of processes.
• Improve the progress bar.
• Fix reading flows from stdin.
• Better code, logs, and unit tests.

v1.0.7

• CPU and memory profilers thanks to @danieltherealyang
• Check DNS queries and answers for whitelisted IPs and domains.
• Add AID flow hash to all conn.log flows, which is a combination of community_id and the flow's timestamp.
• SQLite database improvements and better error handling.
• Add support for exporting Slips alerts to a SQLite database .

v1.0.6

• Store flows in SQLite database in the output directory instead of Redis.
• 55% RAM usage decrease.
• Support the labeling of flows based on Slips detections.
• Add support for exporting labeled flows in JSON and tsv formats.
• Code improvements. Change the structure of all modules.
• Graceful shutdown of all modules thanks to @danieltherealyang
• Print the number of evidence generated by Slips when running on PCAPs and interface.
• Improved the detection of ports that belong to a specific organization.
• Fix bugs in CYST module.
• Fix URLhaus evidence description.
• Fix the freezing progress bar issue.
• Fix problem starting Slips in docker in Linux.
• Ignore ICMP scans if the flow has ICMP type 3
• Improve our whitelist. Slips now checks for whitelisted attackers and victims in the generated evidence.
• Add embedded documentation in the web interface thanks to @shubhangi013
• Improved the choosing of random Redis ports using the -m parameter.

v1.0.5

• Fix missing flows due to modules stopping before the processing is done.
• Code improvements. Change the structure of all modules.
• Fix how we detect vertical and horizontal port scans.
• Update the whitelist by adding all the IPs of whitelisted domains.
• Fixed error whitelisting Unencrypted HTTP traffic.
• Remove the feature of creating log directories using -l, now the only logs Slips generates are stored in the output/ directory.
• Added support for reading flows from any module, not just the input process, using --input-module.
• CYST module improvements.
• Detect invalid DNS answers when querying ad servers. thanks to @ganesh-dagadi .
• Update Slips known ports.
• Prevent model.bin and scaler.bin from changing in test mode. thanks to @haleelsada.
• Use either 'ip neigh show' or 'arp -an' to get gateway MAC from the host's ARP table. thanks to @naturalnetworks.