v1.1.5

@AlyaGomaa AlyaGomaa released this 03 Jan 11:40
232ba5b
  • 200x speedup of domain lookups in the threat intelligence module.
  • Add a threat level and a confidence value to each alert.
  • Add evidence for CN and hostname mismatch in SSL flows.
  • Add detection of multiple telnet reconnection attempts.
  • Add support for IP ranges as the client_ip in slips.yaml.
  • Alert "invalid DNS answer" on all private DNS answers.
  • Don't alert "high entropy TXT answers" for flows from multicast IPs.
  • Fix the detection of multiple reconnection attempts.
  • Fix a problem downloading the latest MAC vendor database from macvendors.com.
  • Improve the detection of the Gateway IP and MAC when running on files and PCAPs.
  • Improve unit tests. Special thanks to @Sekhar-Kumar-Dash.
  • Split the "connection to/from blacklisted IPs" detection into two separate evidence types, each with its own threat level.
  • Update Slips internal list of Apple known ports.