Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Slips v1.0.12 #482

Merged
merged 114 commits into from
Mar 15, 2024
Merged

Slips v1.0.12 #482

merged 114 commits into from
Mar 15, 2024

Conversation

AlyaGomaa
Copy link
Collaborator

  • Add an option to specify the current client IP in slips.conf to help avoid false positives.
  • Better handling of URLhaus threat intelligence.
  • Change how slips determines the local network of the current client IP.
  • Fix issues with the progress bar.
  • Fix problem logging alerts and errors to alerts.log and erros.log.
  • Fix problem reporting evidence to other peers.
  • Fix problem starting the web interface.
  • Fix whitelists.
  • Improve how the evidence for young domain detections is set.
  • Remove the description of blacklisted IPs from the evidence description and add the source TI feed instead.
  • Set evidence to all young domain IPs when a connection to a young domain is found.
  • Set two evidence in some detections e.g. when the source address connects to a blacklisted IP, evidence is set for both.
  • Use blacklist name instead of IP description in all evidence.
  • Use the latest Redis and NodeJS version in all docker images.

@AlyaGomaa
catch problem json loading urlhaus responses
2c48014
@AlyaGomaa
get client_ips from the config file
493145b
@AlyaGomaa
flowalerts: don't detect conn without dns if the daddr is in our clie…
a3120bb 
…nt_ips
@AlyaGomaa
add type hinting
e7a7e42
@AlyaGomaa
Merge pull request #460 from stratosphereips/alya/ignore_client_ip_in…
02b2281 
…_dns_without_conn_evidence

Ignore client ip in dns without conn evidence
@AlyaGomaa
flowalerts: use the dns answer of young domains to set evidence for t…
014b187 
…he ip of that domain
@AlyaGomaa
flowalerts: move weird http method detections to http analyzer module
37d6731
@AlyaGomaa
flowalerts: set 2 evidence for some detections, one for the saddr and…
587bcb2 
… one for the daddr
@AlyaGomaa
p2p: when the network reports a malicious ip, set an evidence for the…
437a498 
… src and the dst ips
@AlyaGomaa
p2p: remove the commented code for sending a blame report, handle_upd…
ee53482 
…ate()
@AlyaGomaa
threat_intel: have a separate function for handling BLACKLISTED_DNS_A…
acf9367 
…NSWER
@AlyaGomaa
threat_intel: have more descriptive evidence when there's an evidence…
5807200 
… of a malicious ASN for an IP in a DNS answer
@AlyaGomaa
threat_intel: have a separate function to lookup cnames from dns answers
7fd416b
@AlyaGomaa
set evidence for saddr and daddr for some evidence
6d64dad
@AlyaGomaa
update unit tests
9278928
@AlyaGomaa
flowalerts: use the dns answer of young domains to set evidence for t…
85b2020 
…he ip of that domain
@AlyaGomaa
flowalerts: move weird http method detections to http analyzer module
a95d46f
@AlyaGomaa
flowalerts: set 2 evidence for some detections, one for the saddr and…
7e06dd7 
… one for the daddr
@AlyaGomaa
p2p: when the network reports a malicious ip, set an evidence for the…
6556ed5 
… src and the dst ips
@AlyaGomaa
p2p: remove the commented code for sending a blame report, handle_upd…
8b01955 
…ate()
@AlyaGomaa
threat_intel: have a separate function for handling BLACKLISTED_DNS_A…
1210179 
…NSWER
@AlyaGomaa
threat_intel: have more descriptive evidence when there's an evidence…
6d071d3 
… of a malicious ASN for an IP in a DNS answer
@AlyaGomaa
threat_intel: have a separate function to lookup cnames from dns answers
9a66a0c
@AlyaGomaa
set evidence for saddr and daddr for some evidence
caab6a5
@AlyaGomaa
update unit tests
1f96b6d
@AlyaGomaa
Merge remote-tracking branch 'origin/alya/set_evidence_for_saddr_and_…
747f1ad 
…daddr' into alya/set_evidence_for_saddr_and_daddr
@AlyaGomaa
db: use snake case for domain functions
1f9af7a
@AlyaGomaa
fix problem printing traceback on exceptions
ec07f26
@AlyaGomaa
db: fix problem getting get_all_flows_in_profileid
27698e5
@AlyaGomaa
db: properly handle domain resolutions from the db
ec3caa6
AlyaGomaa added 29 commits March 11, 2024 15:21
@AlyaGomaa
evidence: fix problem showing popups
9b3687d
@AlyaGomaa
Merge pull request #477 from stratosphereips/alya/fix_whitelist
0b8944c 
Fix whitelist
@AlyaGomaa
db: rename store_process_PID() to store_pid()
e5e0d35
@AlyaGomaa
ui_manager.py: use cwd when executing python3 webinterface/app.py
b6bda3d
@AlyaGomaa
treat the web interface as a package
ce0fb9e
@AlyaGomaa
start the web interface using python3 -m
03fc1b5
@AlyaGomaa
ui_manager: confirm that the port is available before starting the we…
891d025 
…b interface thread
@AlyaGomaa
move is_port_in_use() from redis_manager.py to slips_utils()
fa12fd3
@AlyaGomaa
slips_utils: fix checking if a port is in use
8219e9e
@AlyaGomaa
ui_manager: fix checking if a port is in use
f6dcd3a
@AlyaGomaa
Merge pull request #478 from stratosphereips/alya/fix_starting_webint…
41b4f25 
…erface

Fix starting the web interface.  #465
@AlyaGomaa
rename store_process_PID() to store_pid()
c8513b8
@AlyaGomaa
move the checks for stopping slips to process_manager.py
dc66e98
@AlyaGomaa
use the latest redis version in all dockerfiles
e9de0a6
@AlyaGomaa
use the latest redis version in install.sh
55013dd
@AlyaGomaa
migrate the deprecated nodejs installation script in dockerfiles and …
1a315ec 
…install.sh
@AlyaGomaa
update the docs
e8ac010
@AlyaGomaa
rename store_process_PID() to store_pid()
a2fcd34
@AlyaGomaa
move the checks for stopping slips to process_manager.py
3c25ad0
@AlyaGomaa
use the latest redis version in all dockerfiles
03f9dd2
@AlyaGomaa
use the latest redis version in install.sh
22923a7
@AlyaGomaa
Merge remote-tracking branch 'origin/alya/handle_conn_reset_by_peer' …
7fe6435 
…into alya/handle_conn_reset_by_peer

# Conflicts:
#	managers/ui_manager.py
@AlyaGomaa
fix problem stopping slips
9e9ae29
@AlyaGomaa
Merge pull request #481 from stratosphereips/alya/handle_conn_reset_b…
a2d12a5 
…y_peer

Handle conn reset by peer && update redis version in dockerfiles and install.sh
@AlyaGomaa
Merge remote-tracking branch 'origin/alya/migrate_nodejs_script' into…
ca4b113 
… develop
@AlyaGomaa
flowalerts: refactor check_dns_without_connection()
b88188d
@AlyaGomaa
update slips version to 1.0.12
96d6781
@AlyaGomaa
update changelog
f5df183
@AlyaGomaa
update slips.gif to use the latest version
9fc1f89
@AlyaGomaa AlyaGomaa merged commit d697955 into master Mar 15, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AlyaGomaa @roshnaeem @eldraco