StratosphereLinuxIPS

Learn and whitelist benign IPs

Open AlyaGomaa opened this issue 1 year ago • 2 comments

Learning of IPs should be done in training mode (in slips.conf). Whitelisting IPs can be done using one of the following ways:

  • Whitelist the top IPs used (sorted by the amount of packets sent/recvd to each IP)
  • Whitelist IPs that appear more than 5 times
  • Whitelist all the IPs you see

AlyaGomaa, Feb 13 '24 11:02
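The three whitelisting options listed in the issue, sketched as an added example (not code from Slips or from anyone in this thread). The `(src_ip, dst_ip, packets)` flow layout, the function names and the `top_n` parameter are assumptions, and the sample flows are constructed.

```python
from collections import Counter
from ipaddress import ip_address

LOCAL = "192.168.1.10"  # assumed host being profiled during training

# Constructed training flows: (src_ip, dst_ip, packets). Not the Slips flow format.
SAMPLE_FLOWS = (
    [(LOCAL, "198.51.100.53", 2)] * 6
    + [(LOCAL, "203.0.113.80", 500), (LOCAL, "203.0.113.80", 300)]
    + [(LOCAL, "192.168.1.1", 10)] * 7
    + [("198.51.100.99", LOCAL, 1)]  # inbound flow, remote is the source
)


def learn_stats(flows, local_ip):
    """Return (packets per remote IP, number of flows per remote IP)."""
    packets, seen = Counter(), Counter()
    for src, dst, pkts in flows:
        if local_ip not in (src, dst):
            continue  # flow does not involve the profiled host
        remote = dst if src == local_ip else src
        remote = str(ip_address(remote))  # raises ValueError on a malformed IP
        packets[remote] += pkts  # packets sent to or received from the remote
        seen[remote] += 1
    return packets, seen


def whitelist(flows, local_ip, strategy, top_n=3, min_seen=5):
    """Build a whitelist of remote IPs using one of the issue's three options."""
    packets, seen = learn_stats(flows, local_ip)
    if strategy == "top":       # top IPs sorted by packets sent/received
        return [ip for ip, _ in packets.most_common(top_n)]
    if strategy == "frequent":  # IPs that appear more than min_seen times
        return sorted(ip for ip, n in seen.items() if n > min_seen)
    if strategy == "all":       # every IP seen during training
        return sorted(seen)
    raise ValueError(f"unknown strategy: {strategy}")


if __name__ == "__main__":
    for name in ("top", "frequent", "all"):
        print(name, whitelist(SAMPLE_FLOWS, LOCAL, name, top_n=2))
```

Whichever option is used, the resulting whitelist is only as trustworthy as the traffic captured while training was on.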

Hi @AlyaGomaa, since no one has been assigned to this issue, is it okay if I begin working on this?

Atlas-64, Feb 27 '24 12:02

Would it be fine if I just define a separate function within flowmldetection.py which does the above and returns a list of whitelisted IPs? Or would we prefer creating a whole behavioral module from scratch for training slips on whitelisted IPs?

Atlas-64, Feb 29 '24 05:02