Intrusion Detection and Prevention / How to filter alerts to show things that weren't "action: allowed"
« on: May 26, 2024, 07:58:06 am »
Hey folks,
Relatively new user to OPNsense + Suricata/IDS. Previously had an Asus router running third-party firmware, so have come across from the Linux side of the force, to BSD with this.
If I go to:
Services -> Intrusion Detection -> Alerts
... I can see the most recent events, and there's a search box.
One of the columns is "Action", and the vast bulk of entries I see are "Allowed". I wondered if there was a way to filter this list to show me what has been acted upon in some way besides "Allowed"?
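Added example, not part of the original post: one way to get the same filter outside the GUI is to read Suricata's EVE JSON alert records and keep only those whose `alert.action` is not `allowed`. It assumes the Alerts view is backed by Suricata's EVE log; the function names and the sample lines (documentation-range addresses, made-up rule names) are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample EVE JSON lines (not real traffic). The last line is
# deliberately truncated, as happens when a log is read mid-write.
SAMPLE_EVE = """\
{"timestamp":"2024-05-26T07:40:01+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"action":"allowed","signature_id":1000001,"signature":"EXAMPLE policy rule","severity":3}}
{"timestamp":"2024-05-26T07:41:12+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"192.0.2.10","alert":{"action":"blocked","signature_id":1000002,"signature":"EXAMPLE drop rule","severity":1}}
{"timestamp":"2024-05-26T07:41:30+0000","event_type":"dns","src_ip":"192.0.2.10","dest_ip":"192.0.2.1"}
{"timestamp":"2024-05-26T07:42:03+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"192.0.2.11","alert":{"action":"blocked","signature_id":1000002,"signature":"EXAMPLE drop rule","severity":1}}
{"timestamp":"2024-05-26T07:43:00+0000","event_type":"alert","src_ip":"198.51
"""


def non_allowed_alerts(lines):
    """Yield EVE alert events whose alert.action is anything but 'allowed'."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partially written or corrupted lines
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue  # dns, flow, stats and other record types
        alert = event.get("alert")
        if not isinstance(alert, dict):
            continue
        if str(alert.get("action", "")).lower() != "allowed":
            yield event


def summarize(events):
    """Count non-allowed alerts per (action, signature_id, signature)."""
    counts = Counter()
    for event in events:
        alert = event["alert"]
        key = (alert.get("action"), alert.get("signature_id"), alert.get("signature"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    hits = list(non_allowed_alerts(SAMPLE_EVE.splitlines()))
    for event in hits:
        print(event["timestamp"], event["src_ip"], "->", event["dest_ip"],
              event["alert"]["action"], event["alert"]["signature"])
    for (action, sid, sig), n in summarize(hits).most_common():
        print(f"{n:4d}  {action}  {sid}  {sig}")
```

To run it on a live log, pass an open file handle for the EVE file instead of `SAMPLE_EVE.splitlines()`; the file's location on a given install is not stated in the post.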