Merge pull request #1138 from stratosphereips/develop

Slips v1.1.5

Author: AlyaGomaa

.github/workflows/unit-tests.yml

@@ -71,6 +71,7 @@ jobs:
           - test_timeline.py
           - test_database.py
           - test_symbols_handler.py
+          - test_profile_handler.py
 
     steps:
     - uses: actions/checkout@v4

.pre-commit-config.yaml

@@ -4,12 +4,8 @@ repos:
     hooks:
         - id: detect-secrets
           args: ['--baseline', '.secrets.baseline']
-          exclude: .*dataset/.*|
-                  (?x)(
-                         ^config/local_ti_files/own_malicious_JA3.csv$|
-                          .*test.* |
-                         .*\.md$
-                      )
+          exclude: '.*dataset/.*|^config/local_ti_files/own_malicious_JA3.csv$|.*test.*|.*\.md$'
+
 
 -     repo: https://github.com/pre-commit/pre-commit-hooks
       rev: v3.1.0
@@ -21,12 +17,7 @@ repos:
         - id: check-merge-conflict
         - id: end-of-file-fixer
         - id: detect-private-key
-          exclude: .*dataset/.* |
-                (?x)(
-                     ^config/$|
-                      .*test.* |
-                     .*\.md$
-              )
+          exclude: '.*dataset/.*|^config/local_ti_files/own_malicious_JA3.csv$|.*test.*|.*\.md$'
 
 -     repo: https://github.com/astral-sh/ruff-pre-commit
       # Ruff version.
@@ -36,13 +27,19 @@ repos:
         - id: ruff
           args: [ --fix ]
           # excludes formatting slips_files/common/imports.py
-          exclude: imports
+          exclude: (imports|sqlite_db.*)
 
 -     repo: https://github.com/psf/black-pre-commit-mirror
       rev: 24.4.2
       hooks:
         - id: black
           args: ['--line-length' , '79']
-          language_version: python3.10.12
+          language_version: python3.12.3
           # excludes formatting slips_files/common/imports.py
           exclude: imports
+
+-     repo: https://github.com/adrienverge/yamllint.git
+      rev: v1.31.0
+      hooks:
+        - id: yamllint
+          files: "slips.yaml"

CHANGELOG.md

@@ -1,3 +1,19 @@
+
+1.1.5 (Jan 3rd, 2025)
+- 200x times speedup of domain lookups in the threat intelligence module.
+- Add a threat level and confidence to each alert.
+- Add evidence for CN and hostname mismatch in SSL flows.
+- Add multiple telnet reconnection attempts detection.
+- Add support to IP ranges as the client_ip in slips.yaml
+- Alert "invalid DNS answer" on all private DNS answers.
+- Don't alert "high entropy TXT answers" for flows from multicast IPs.
+- Fix multiple reconnection attempts detection.
+- Fix problem downloading the latest MAC database from macvendors.com
+- Improve the detection of the Gateway IP and MAC when running on files and PCAPs.
+- Improve unit tests. Special thanks to @Sekhar-Kumar-Dash.
+- Split the "connection to/from blacklisted IPs" detection into two different evidence with different threat levels.
+- Update Slips internal list of Apple known ports.
+
 1.1.4.1 (Dec 3rd, 2024)
 - Fix abstract class starting with the rest of the modules.
 - Fix the updating of the MAC vendors database used in slips.

README.md

@@ -1,5 +1,5 @@
 <h1 align="center">
-Slips v1.1.4
+Slips v1.1.5
 </h1>
 
 

VERSION

@@ -1 +1 @@
-1.1.4.1
+1.1.5