OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: starfox101 on December 05, 2023, 05:14:44 PM

Title: This is basic, just can't find it
Post by: starfox101 on December 05, 2023, 05:14:44 PM
detected 14 and blocked 11 potentially harmful activities according to your rules. How do I find the detected harmful activities? Figure out if I should block them.

Thanks
Title: Re: This is basic, just can't find it
Post by: almodovaris on December 05, 2023, 05:19:30 PM
https://dash.zenarmor.com/firewalls/

Under Live sessions. Then apply what filters you want in order to see what was there.

Generally speaking, it only blocks what you choose to block. If there are other blockable connections, but you did not choose to block them, they will appear as "harmful".

E.g. I don't block proxies, so proxies will appear as "harmful", but they do not get blocked.
Title: Re: This is basic, just can't find it
Post by: starfox101 on December 05, 2023, 06:20:38 PM
Thanks for the reply, I guess I'll have to figure out the filters.
Title: Re: This is basic, just can't find it
Post by: beki on December 06, 2023, 08:11:28 AM
Hi starfox101,
With the forthcoming release 1.16, the firewall dashboard will provide direct access to Live Sessions for "Blocked Threats" and "Detected Threats," expediting traffic analysis and threat detection.

A display will appear when you select the quantity of blocked threats, which is Threats Live Sessions filtering blocked connections. You can then simply exclude the Blocked filter in order to view detected threats that have not been blocked by selecting the equals (=) symbol on the applied filter parameter.

For more information:
https://www.zenarmor.com/docs/opnsense/reporting-analytics/live-session-explorer#adding-a-generic-filterexclusion-on-the-live-session-explorer

Bests