
Comments (5)

Ondjultomte commented on June 27, 2024

Oops, topic got cut.

from stratospherelinuxips.

Ondjultomte commented on June 27, 2024

linuxkit-6a8162938e55:/StratosphereLinuxIPS# ps afx|grep redis
1 pts/0 Ssl 0:00 /usr/bin/qemu-x86_64 /bin/sh /bin/sh -c redis-server --daemonize yes && /bin/bash
5185 pts/0 Sl+ 0:00 \_ /usr/bin/qemu-x86_64 /usr/bin/grep grep --color=auto redis

redis seems to be running


Ondjultomte commented on June 27, 2024

root@linuxkit-6a8162938e55:/StratosphereLinuxIPS# netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:56233 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp6 0 0 :::58897 :::* LISTEN -
tcp6 0 0 :::111 :::* LISTEN -


AlyaGomaa commented on June 27, 2024

hello @Ondjultomte

Check the docker map here to know which docker image is the correct one for your arch
https://github.com/stratosphereips/StratosphereLinuxIPS/tree/develop#build-slips-from-the-dockerfile

This docker image stratosphereips/slips:latest is for Linux

Since you're using Apple's M1, you should use the macosm1-image instead
https://hub.docker.com/r/stratosphereips/slips_macos_m1

let us know how it goes!


Ondjultomte commented on June 27, 2024


@linuxkit-6a8162938e55:/StratosphereLinuxIPS# ./slips.py dataset/carina_00007_20231107144105.pcap
usage: ./slips.py -c [options] [file]
slips.py: error: unrecognized arguments: dataset/carina_00007_20231107144105.pcap
root@linuxkit-6a8162938e55:/StratosphereLinuxIPS# python3 slips.py -e 1 -f dataset/infected.pcap
[Main] Storing Slips logs in output/infected.pcap_2023-11-13_14:13:26/
Slips. Version 1.0.7 (822db6d)
https://stratosphereips.org

[Main] Using redis server on port: 6379
Started Main process [PID 70]
Started Output Process [PID 101]
Starting modules
Starting the module Risk IQ (Module to get passive DNS info about IPs from RiskIQ) [PID 131]
Starting the module ARP (Detect arp attacks) [PID 133]
Starting the module Flow Alerts (Alerts about flows: long connection, successful ssh, password guessing, self-signed certificate, data exfiltration, etc.) [PID 136]
Starting the module Flow ML Detection (Train or test a Machine Learning model to detect malicious flows) [PID 139]
Starting the module HTTP Analyzer (Analyze HTTP flows) [PID 142]
Starting the module IP Info (Get different info about an IP/MAC address) [PID 144]
Starting the module Leak Detector (Detect leaks of data in the traffic) [PID 152]
Starting the module Network Discovery (Detect Horizonal, Vertical Port scans, ICMP, and DHCP scans) [PID 156]
Starting the module Threat Intelligence (Check if the source IP or destination IP are in a malicious list of IPs) [PID 162]
Starting the module Timeline (Creates kalipso timeline of what happened in the network based on flows and available data) [PID 165]
Starting the module Update Manager (Update Threat Intelligence files) [PID 171]
Starting the module Virustotal (IP, domain and file hash lookup on Virustotal) [PID 177]

[Main] Disabled Modules: ['template', 'ensembling', 'rnnccdetection', 'Exporting Alerts', 'p2ptrust', 'CESNET', 'blocking', 'CYST']
[Evidence] Storing Slips logs in output/infected.pcap_2023-11-13_14:13:26/
Started Evidence Process [PID 179]
Started Profiler Process [PID 181]
[Main] Metadata added to output/infected.pcap_2023-11-13_14:13:26/metadata
Started Input Process [PID 183]
[Main] Warning: Slips may generate a large amount of traffic by querying TI sites.
[Input] Storing zeek log files in output/infected.pcap_2023-11-13_14:13:26/zeek_files
[Input] Problem in main() line 177
[Input] Traceback (most recent call last):
  File "/StratosphereLinuxIPS/slips_files/common/abstracts.py", line 177, in run
    error: bool = self.main()
  File "/StratosphereLinuxIPS/slips_files/core/inputProcess.py", line 895, in main
    self.handle_pcap_and_interface()
  File "/StratosphereLinuxIPS/slips_files/core/inputProcess.py", line 628, in handle_pcap_and_interface
    self.start_observer()
  File "/StratosphereLinuxIPS/slips_files/core/inputProcess.py", line 619, in start_observer
    self.event_observer.start()
  File "/usr/local/lib/python3.8/dist-packages/watchdog/observers/api.py", line 256, in start
    emitter.start()
  File "/usr/local/lib/python3.8/dist-packages/watchdog/utils/__init__.py", line 93, in start
    self.on_thread_start()
  File "/usr/local/lib/python3.8/dist-packages/watchdog/observers/inotify.py", line 118, in on_thread_start
    self._inotify = InotifyBuffer(path, self.watch.is_recursive)
  File "/usr/local/lib/python3.8/dist-packages/watchdog/observers/inotify_buffer.py", line 35, in __init__
    self._inotify = Inotify(path, recursive)
  File "/usr/local/lib/python3.8/dist-packages/watchdog/observers/inotify_c.py", line 155, in __init__
    Inotify._raise_error()
  File "/usr/local/lib/python3.8/dist-packages/watchdog/observers/inotify_c.py", line 405, in _raise_error
    raise OSError(err, os.strerror(err))

from stratospherelinuxips.
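
Added example, not part of the thread and not Slips code: a preflight check for the two symptoms visible in the output above, PID 1 running under /usr/bin/qemu-x86_64 and the inotify setup raising OSError. The function names and the sample cmdline are constructed for illustration; that emulation is the cause of the inotify failure is an assumption the thread does not confirm.

```python
import ctypes
import errno
import os

# Constructed sample: the PID 1 line from the `ps afx` output above,
# rewritten in the NUL-separated form used by /proc/<pid>/cmdline.
SAMPLE_CMDLINE = (b"/usr/bin/qemu-x86_64\0/bin/sh\0/bin/sh\0-c\0"
                  b"redis-server --daemonize yes && /bin/bash\0")

def emulator_from_cmdline(cmdline: bytes):
    """Return the qemu user-mode binary name if argv[0] is one, else None."""
    argv0 = cmdline.split(b"\0", 1)[0].decode(errors="replace")
    name = os.path.basename(argv0)
    return name if name.startswith("qemu-") else None

def probe_inotify():
    """Call inotify_init() directly; return (ok, errno name or reason)."""
    try:
        libc = ctypes.CDLL(None, use_errno=True)
        fd = libc.inotify_init()
    except (OSError, AttributeError, TypeError) as exc:
        return False, f"unavailable: {exc}"
    if fd < 0:
        err = ctypes.get_errno()
        return False, errno.errorcode.get(err, str(err))
    os.close(fd)
    return True, "ok"

def preflight(cmdline: bytes):
    """Collect findings worth fixing before starting a file watcher."""
    findings = []
    emu = emulator_from_cmdline(cmdline)
    if emu:
        findings.append(f"PID 1 runs under {emu}: image arch differs from "
                        "host arch, container is emulated")
    ok, detail = probe_inotify()
    if not ok:
        findings.append(f"inotify_init() failed ({detail}): "
                        "inotify-based file watching will not start")
    return findings

if __name__ == "__main__":
    try:
        with open("/proc/1/cmdline", "rb") as fh:
            pid1 = fh.read()
    except OSError:
        pid1 = b""  # no procfs available; skip the emulation check
    for line in preflight(pid1) or ["no findings"]:
        print(line)
```

Run inside the container, it prints the errno name that the pasted traceback cuts off before showing.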
