Issues: stratosphereips/StratosphereLinuxIPS
make an anomaly detector using browser's User agents
Feature Request
Machine Learning
Needs knowledge of Machine Learning
Profiles that generate an alert while analysing PCAPs should be marked in red, not just timewindows
Difficulty: Beginners
Stuff that you can do with skills for starters
Web Interface
#1083
opened Nov 27, 2024 by
AlyaGomaa
updated Dec 14, 2024
the % of flows read doesn't show in the pcaps, but after the input process is done, we know the total flows to be processed by slips, we can then add the flows % to the stats using that number.
#1113
opened Dec 11, 2024 by
AlyaGomaa
updated Dec 11, 2024
query missing from "blacklisted dns answer" evidence
#1111
opened Dec 10, 2024 by
AlyaGomaa
updated Dec 10, 2024
RNN CC Detection module has 25+ threads opened when analysing a large pcap. check why
#1108
opened Dec 9, 2024 by
AlyaGomaa
updated Dec 9, 2024
Improve the documentation explaining how we check the vendor of computers with the MAC to filter
Difficulty: Beginners
Stuff that you can do with skills for starters
Documentation
Related to documentation
Help wanted
#958
opened Aug 27, 2024 by
eldraco
updated Dec 5, 2024
Disable modules if HW support is missing
#967
opened Aug 28, 2024 by
be-a-panther
updated Dec 3, 2024
GeoLite2-ASN.mmdb and GeoLite2-Country.mmdb are included in slips repo, download them on startup instead. They’re 11MB
#1103
opened Dec 3, 2024 by
AlyaGomaa
updated Dec 3, 2024
Some threat intelligence lists have false positives. Slips should filter the easy ones.
Bug
Difficulty: Beginners
Stuff that you can do with skills for starters
Help wanted
#1094
opened Dec 1, 2024 by
eldraco
updated Dec 2, 2024
The 'Detected Long Connection' detection wrongly considers broadcast addresses.
Bug
Difficulty: Beginners
Stuff that you can do with skills for starters
Help wanted
#1093
opened Dec 1, 2024 by
eldraco
updated Dec 1, 2024
CI: Publish the 2 docker images in parallel on push to master
#1091
opened Nov 29, 2024 by
AlyaGomaa
updated Nov 29, 2024
Be nice to have this ported to FreeBSD so it can work with Opnsense
#1089
opened Nov 29, 2024 by
lpingree
updated Nov 29, 2024
running_slips_infto.txt should have json lines instead
#1080
opened Nov 25, 2024 by
AlyaGomaa
updated Nov 25, 2024
To fix memory issues, we need to somehow delete old info from our dbs (redis, and sqlite)
Difficulty: Advanced
Advanced python required
Feature Request
#677
opened Jul 2, 2024 by
AlyaGomaa
updated Nov 19, 2024
we can give slips a sqlite db to read the flows from instead of re reading the files when we need to do some small modifications in the config file
Difficulty: Advanced
Advanced python required
Feature Request
#681
opened Jul 2, 2024 by
AlyaGomaa
updated Nov 19, 2024
have two parallel flow alerts modules for faster detections
Feature Request
#686
opened Jul 2, 2024 by
AlyaGomaa
updated Nov 19, 2024
Set the vertical portscan threshold instead of 5, to a logarithmic scale so first the threshold 10 then 100 then 1000 etc
Feature Request
#691
opened Jul 2, 2024 by
AlyaGomaa
updated Nov 19, 2024
Detect legitimate remote access tools like teamviewer
Feature Request
#719
opened Jul 2, 2024 by
AlyaGomaa
updated Nov 19, 2024
add this to our zeek scripts https://github.com/keithjjones/zeek-njrat-detector
Feature Request
#724
opened Jul 2, 2024 by
AlyaGomaa
updated Nov 19, 2024
problem clicking on alerts button in web interface. nothing is displayed
Web Interface
#750
opened Jul 3, 2024 by
AlyaGomaa
updated Nov 19, 2024
check the detections in netography
Difficulty: Advanced
Advanced python required
Feature Request
#739
opened Jul 2, 2024 by
AlyaGomaa
updated Nov 5, 2024
Rename this key 'DstPortsClientTCPNot Established' used in the horizontal portscan to something that states that these are “resolved_ips”
#1030
opened Oct 9, 2024 by
AlyaGomaa
updated Oct 9, 2024
Check if we have issues, like illegal instruction running ml modules, we can disable them automatically
#1025
opened Oct 8, 2024 by
AlyaGomaa
updated Oct 8, 2024