Some threat intelligence lists have false positives. Slips should filter the easy ones. #1094

Open
eldraco opened this issue Dec 1, 2024 · 2 comments
Labels
Bug Difficulty: Beginners Stuff that you can do with skills for starters Help wanted

eldraco (Collaborator) commented Dec 1, 2024

Describe the bug
Some TI feeds still have FP. Slips cannot stop that, but it can filter the easy ones, like IP 255.255.255.255 and 0.0.0.0.

This was found in a private capture.

`2024-12-01T18:31:58.128457+00:00 (TW 2): Src IP 255.255.255.255 . Detected connection from blacklisted IP: 0.0.0.0 to 255.255.255.255. Description: 0.0.0.0/8. Source: firehol_level1.netset. threat level: low. IP 0.0.0.0 appears in blacklist: firehol_level1.netset.`

Expected behavior
Not to have this FP

Branch
Docker running slips_light
Develop 1.1.4

Environment (please complete the following information):

OS: macos m1
Version: m1
Python version Python 3.10.12
Are you running slips in docker or locally? yes in docker
Docker version (if running slips in docker) 4.36.0
Commit hash: ( git rev-parse --short HEAD ): not shown in the docker version
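
One way to filter the false positive reported above, as an added example that is not part of the original issue and not Slips' own code: drop special-purpose ranges when a feed is loaded, and refuse to alert on special-purpose IPs at match time. The function names, the `NEVER_ALERT` list and the sample feed are assumptions made for this illustration.

```python
import ipaddress

# Assumed IPv4 special-purpose ranges that should never raise a TI alert
# (list chosen for this example; RFC 1918 private ranges left out on purpose).
NEVER_ALERT = list(ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",       # "this network", contains 0.0.0.0
    "127.0.0.0/8",     # loopback
    "169.254.0.0/16",  # link-local
    "224.0.0.0/4",     # multicast
    "240.0.0.0/4",     # reserved, contains broadcast 255.255.255.255
)))

# Constructed sample in netset style; not real feed contents.
SAMPLE_FEED = """\
# comment line
0.0.0.0/8
224.0.0.0/3
198.51.100.0/24
203.0.113.7
"""

def is_special_ip(ip):
    """True if ip falls in one of the NEVER_ALERT ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NEVER_ALERT)

def clean_feed(lines):
    """Split feed entries into (kept, dropped) networks at load time."""
    kept, dropped = [], []
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # not an IP or CIDR entry
        special = any(net.version == s.version and net.subnet_of(s)
                      for s in NEVER_ALERT)
        (dropped if special else kept).append(net)
    return kept, dropped

def should_alert(ip, feed):
    """Match-time guard: a feed range wider than NEVER_ALERT can survive
    clean_feed, so special-purpose IPs are rejected here as well."""
    if is_special_ip(ip):
        return False
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in feed)
```
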

eldraco added the Bug, Help wanted and Difficulty: Beginners (Stuff that you can do with skills for starters) labels Dec 1, 2024
eldraco added this to Slips Dec 1, 2024
github-project-automation bot moved this to Todo in Slips Dec 1, 2024

AbhiramMasna commented

Hey @eldraco, is it okay if I contribute to this issue?

AlyaGomaa (Collaborator) commented

Hey, sure you can. Let us know if you need any help!
