OPNsense Forum
English Forums => Intrusion Detection and Prevention => Topic started by: JohnDoe17 on September 10, 2021, 08:54:50 pm
-
I am running 21.1.9, and I've had the ET Telemetry Edition working fine for several months. But in the last couple of days, the Dashboard widget is just spinning when it is trying to get status from proofpoint.
When I look in the Intrusion Detection > Download tab, my Abuse.ch rule sets are downloading and updating fine. Only the ET rule sets are not downloading on schedule.
At first I chalked this up to a temporary issue on proofpoint's side (and maybe it still is), but it's dragged on for a couple of days now and I though it was time to ask if any others are seeing this...
Thanks.
-
Hi,
I'm experiencing similar problems on 21.7.2_1-amd64. General log only mentions "connection error sending heartbeat to https://opnsense.emergingthreats.net/api/v1/telemetry"
Problem for me started on 09-09 (but that was after an update).
-
The problem seems to be resolved with my instance.
-
Andddd it's back.
-
We forwarded the report(s) to Proofpoint about issues with that URL last week. I'll follow up with a response as soon as we have it.
Cheers,
Franco
-
Thanks, Franco and OPNsense team for passing this on to Proofpoint.
Like @joeyboon said, the "connection error sending heartbeat to https://opnsense.emergingthreats.net/api/v1/telemetry" issue appears to be back.
Edit: Anxious to hear about a resolution.
JD17
-
Thanks! for the reply. The log messages are a bit more detailed now
unexpected result from https://opnsense.emergingthreats.net/api/v1/telemetry (http_code 502)
Hopefully this helps.
-
Connectivity issue was fixed some time in the last 24 hours we've been told. Can you guys confirm it's working as expected again?
Thanks,
Franco
-
Yes, the issues seem to be resolved for me - at least, the heartbeats are going through now apparently. Not sure how often the ET Pro Telemetry edition rules themselves are revved from Proofpoint's side, but the last set of rules the firewall downloaded were going on 16 hours old when I just checked (I have the firewall configured to download fresh rule sets every 6 hours).
Thanks for the help!
-
It might be updated every 24 hours but I'm not sure.
Thanks for the feedback! :)
Cheers,
Franco
-
@franco! Thanks for looking in to this! The issue seems to be resolved :) Thanks again!
-
Well... the heartbeats work as I reported a few days ago, but the ET Pro Telemetry rules have *NOT* been updated since September 18th.
Neither the "Services > Intrusion Detection > Log File" nor the "System > Log Files > General" indicate there is any error downloading new rules. Frankly it just looks like they haven't updated them for a few days.
Is Proofpoint still supporting the "ET Pro Telemetry" edition rules?
Thanks.
JD17
Edit: Added the missing word "*NOT*" in the first sentence. It was kind of important, lol.
-
Perhaps this has been resolved too...? I did get an updated set of rules on Monday - finally.
-
Maybe new problem: Since yesterday, my Suricata instance (on 21.7.3_3) no longer updates the rules - neither the cron job nor a manual "Download & update rules" does anything.
I added a few rule categories yesterday and "enabled" and "saved" them. Since then -> downloads don't work.
--
EDIT: The issue was the "OPNsense-App-detect/test" rule. Once I disabled that, the rules would download again.