Releases: stratosphereips/StratosphereLinuxIPS

v1.1.16

01 Dec 15:29

  • Add an alerts visualiser web interface for TAXII servers.
  • Change the usage of the -g option; now Slips requires the interface name to monitor when using -g.
  • Drop support for the dynamic reloading of the whitelist.
  • Speed up the evidence handler and whitelist by using Bloom filters.
  • Fix false positive evidence on connection to IP outside local network when the IP is multicast.
  • Fix P2P unable to connect to the Redis database when using -m.
  • Fix problem reporting evidence when Slips is monitoring one interface.
  • Handle Slips and iptables failovers when running Slips as an access point on the Raspberry Pi.

v1.1.15

31 Oct 12:40
7e71c0a

  • Support monitoring two interfaces when Slips is running as an access point.
  • Improve running Slips on a growing Zeek directory (using -g): Slips can now detect the interface in use, the host IP and the gateway IP.

v1.1.14

14 Oct 12:29
3781499

  • Security Patch for CVE-2025-49844: Force use of Redis version 8.2.2

v1.1.13

01 Sep 18:26
dcd77a1

  • Add detection for DNS answers of malicious DNS queries.
  • Add support for Zeek v8.0.0.
  • Speed up evidence processing in Slips.
  • Update Python dependencies.

v1.1.12

31 Jul 21:12
5f0e143

  • Better filtering of attacks in the ARP poisoner filter.
  • Cache ARP scan results to avoid flooding the network with ARP packets.
  • Exclude the gateway from poisoning by the ARP poisoner.
  • Increase the delay between ARP poisoning attempts to avoid flooding the network.
  • Local P2P trust model improvements.

v1.1.11

03 Jul 12:59
99fbbc1

  • Fix the local P2P trust model.
  • Fix SQLite cursor errors.
  • Avoid setting an alert about Slips' own IP and other Slips peers when ARP poisoning attackers.

v1.1.10

26 May 12:08
31e689d

  • Add support for unblocking attackers using iptables after a probation period.
  • Add support for blocking attackers using ARP poisoning.
  • Improve how the gateway IP and MAC are detected.
  • Support running Slips as an access point (AP) to block attackers on the Raspberry Pi.

v1.1.9

30 Apr 12:00
bfd402b

  • Add bootstrapping node mode for the global P2P. Thanks to @d-strat
  • Add support for ARM64 architecture in Docker images.
  • Fix issues getting domain registrants.
  • Fix the "Database is locked" SQLite error.
  • Fix the issue of Slips hanging when shutting down.
  • Ignore URLs when found in threat intelligence feeds.
  • Improve handling of Zeek tab-separated log files. Logs from old Zeek versions are now read correctly.
  • Optimize IP Info module.
  • Print flows processed per minute in the stats printed to the CLI.
  • Support reading labeled Zeek logs and using their labels in Slips modules.

v1.1.8

31 Mar 16:55
84cbbda

  • Fix SQLite database errors.
  • Fix CPU and RAM profilers.
  • Fix the issue with AsyncModules not shutting down gracefully.

v1.1.7

28 Feb 16:30
b6f557c

  • Add global P2P support. Thanks to @d-strat
  • Add new "GRE tunnel scan" detections.
  • Add the option to enable/disable local and online whitelists from slips.yaml.
  • Fix false positive "Connection to a private IP outside of local network" detection. Slips no longer alerts on DNS servers outside of the local network.
  • Fix false positive "Connection to a private IP" detection when the connection is DHCP.
  • Fix false positive "Device changing IP" detection alerting about special IPs.
  • Fix false positive "Invalid DNS answer" detection alerting about .arpa domains.
  • Fix false positive "non-HTTP established connection on port 80".
  • Fix false positive "non-SSL established connection on port 443".
  • Improve "Connection to unknown port" detections. Now the threat level depends on the flow state.
  • Improve "DNS without connection" evidence. Slips now only detects when the query type is A or AAAA.
  • Improve the description of malicious flows by the MLflowdetection module.
  • Improve the detections of the MLflowdetection module.
  • Improve the existing "GRE tunnel" detections.
  • Improve whitelists: Slips is now whitelisting CNAME, SNI, related queries, and DNS resolutions of attackers and victims.