OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: pankaj on September 11, 2021, 07:54:25 pm

Title: IPS/IDS - Excellent Tutorial
Post by: pankaj on September 11, 2021, 07:54:25 pm
For those wanting to get started with IDS/IPS, this is an excellent tutorial - https://www.youtube.com/watch?v=_yIq3GM4gjA&t=6s

Also note that this video is slightly dated, as the newer versions have a "Policy" feature which eliminates the need to tweak one-off rules.

Hope this helps!

Title: Re: IPS/IDS - Excellent Tutorial
Post by: MichaelJackson on September 24, 2021, 02:54:53 pm
Thank you very much for this tutorial. I just briefly looked through it and I think this is a very good source of information, just what I was looking for!

Title: Re: IPS/IDS - Excellent Tutorial
Post by: schuc on November 07, 2021, 10:06:14 pm
Thanks for sharing and I had already seen this video before coming to the forums here. I find the video dated in VERY crucial ways... Specifically,
1. IDS is POLICY based now.
2. Enable a real rule and show a rule working and the logs... not just a test rule.

I have been trying to get IDS working and having issues. I have created a rule to disable ALL... and that is not even working. There are still rules enabled. FYI, the policy has Rule sets/Actions/Rules all set to 'None selected' and New action set to Disabled.

It would be VERY helpful to see an updated IDS tutorial that shows how to get Policy based IDS operational.