OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Northguy on October 14, 2021, 12:37:51 pm

Title: Help request: how to compose a policy in the right way
Post by: Northguy on October 14, 2021, 12:37:51 pm
Hi guys,

Who can help me figure out what I am doing wrong in configuring a policy?

Use case:
* enabled IPS
* enabled ET telemetry/emerging-web_client
* Created a policy to drop instead of alert
 - selected appropriate rulesets
 - modified yellow highlighted fields (see screenshot)
 - selected nothing for remaining fields (assuming this means 'all selected')
* Tested ET telemetry/emerging-web_client with a payload from https://www.wicar.org/test-malware.html

Result:
* Alert is raised, but threat is allowed, not dropped

Screenshots:
See attached
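One way to narrow down where a "alert raised but not dropped" result comes from is to compare the action Suricata actually loaded for each rule with the action it reports in eve.json for the alerts that fired. The script below is an added example and is not part of the forum post or of OPNsense; it assumes the standard Suricata rule syntax (`<action> <proto> <src> <sport> -> <dst> <dport> (... sid:N; ...)`) and the standard eve.json alert record, whose `alert.action` field is `"allowed"` or `"blocked"`. The rule lines, sids and log records are constructed for the demonstration. The rules and log paths you would feed it (`/usr/local/etc/suricata/rules/*.rules` and `/var/log/suricata/eve.json` on OPNsense) are assumptions from a default Suricata layout.

```python
"""Cross-check Suricata rule actions against the outcome reported in eve.json.

Added example, not from the original post.  Two things are distinguished:
  * rule_not_drop    - the rule that fired is still 'alert' in the loaded
                       rule set, so the policy never rewrote its action
  * drop_but_allowed - the loaded rule is 'drop' but Suricata reported the
                       traffic as 'allowed', which is what happens when the
                       engine is not running inline (IPS mode) on that interface
"""
import json
import re
from collections import defaultdict

# Matches an enabled rule line; commented-out rules ('# alert ...') do not match.
RULE_RE = re.compile(
    r"^\s*(?P<action>alert|drop|pass|reject)\s+\S+.*?\bsid\s*:\s*(?P<sid>\d+)\s*;"
)

# Constructed sample rule set (sids and messages are made up for the example).
SAMPLE_RULES = """\
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"CONSTRUCTED web_client A"; sid:2000001; rev:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"CONSTRUCTED web_client B"; sid:2000002; rev:1;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"CONSTRUCTED web_client C"; sid:2000003; rev:1;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"CONSTRUCTED disabled"; sid:2000004; rev:1;)
"""

# Constructed eve.json alert records (one JSON object per line, as Suricata writes them).
SAMPLE_EVE = [
    '{"timestamp":"2021-10-14T12:37:51.000000+0200","event_type":"alert","src_ip":"198.51.100.10","dest_ip":"192.0.2.20","alert":{"action":"allowed","gid":1,"signature_id":2000001,"rev":1,"signature":"CONSTRUCTED web_client A","category":"A Network Trojan was detected","severity":1}}',
    '{"timestamp":"2021-10-14T12:37:52.000000+0200","event_type":"alert","src_ip":"198.51.100.10","dest_ip":"192.0.2.20","alert":{"action":"allowed","gid":1,"signature_id":2000002,"rev":1,"signature":"CONSTRUCTED web_client B","category":"A Network Trojan was detected","severity":1}}',
    '{"timestamp":"2021-10-14T12:37:53.000000+0200","event_type":"alert","src_ip":"198.51.100.10","dest_ip":"192.0.2.20","alert":{"action":"blocked","gid":1,"signature_id":2000003,"rev":1,"signature":"CONSTRUCTED web_client C","category":"A Network Trojan was detected","severity":1}}',
    '{"timestamp":"2021-10-14T12:37:54.000000+0200","event_type":"flow","src_ip":"198.51.100.10","dest_ip":"192.0.2.20"}',
]


def rule_actions(rules_text):
    """Map sid -> action for every enabled (uncommented) rule in the text."""
    actions = {}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            actions[int(m.group("sid"))] = m.group("action")
    return actions


def alert_outcomes(eve_lines):
    """Map sid -> {'allowed': n, 'blocked': n} from eve.json alert records."""
    outcomes = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue
        alert = rec["alert"]
        # Older records may lack 'action'; Suricata only reports 'blocked'
        # when the packet was actually dropped, so default to 'allowed'.
        action = alert.get("action", "allowed")
        outcomes[alert["signature_id"]][action] += 1
    return dict(outcomes)


def find_mismatches(rules_text, eve_lines):
    """Classify every sid that fired into rule_not_drop / drop_but_allowed / ok."""
    actions = rule_actions(rules_text)
    outcomes = alert_outcomes(eve_lines)
    report = {"rule_not_drop": [], "drop_but_allowed": [], "ok": []}
    for sid, counts in sorted(outcomes.items()):
        if actions.get(sid) != "drop":
            report["rule_not_drop"].append(sid)
        elif counts["allowed"]:
            report["drop_but_allowed"].append(sid)
        else:
            report["ok"].append(sid)
    return report


if __name__ == "__main__":
    # Replace the samples with open(...).read() of the loaded rules file and
    # open(...).readlines() of eve.json to run this against a real box.
    for kind, sids in find_mismatches(SAMPLE_RULES, SAMPLE_EVE).items():
        print(f"{kind}: {sids}")
```

Reading the result: sids under `rule_not_drop` show that the policy did not change the rule's action in the rule file Suricata loaded, so the policy's matching fields are the place to look; sids under `drop_but_allowed` show the rule is fine but the engine was not able to drop, which points at IPS mode not being active on the interface the test traffic crossed.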