Show Posts
1
Intrusion Detection and Prevention / Send IPS alerts by e-mail
« on: July 24, 2020, 06:57:51 pm »
I successfully set up and configured IPS in opnsense. If I try to open a TCP connection from inside my network to a host listed, e.g., in the ET botnet list, the connection is blocked and I get an alert. So far, so good.
The problem is: The alert shows up in the opnsense web UI. I don't want to regularly check the web UI for alerts. If an alert happens, I'd like to be notified (by e-mail), so that I can investigate whether this is a security incident or a false positive.
Is there some built-in functionality in opnsense to activate this kind of e-mail notification? I activated Monit, but none of the built-in service alerts seems to relate to the IPS.
Thanks and best regards
The problem is: The alert shows up in the opnsense web UI. I don't want to regularly check the web UI for alerts. If an alert happens, I'd like to be notified (by e-mail), so that I can investigate whether this is a security incident or a false positive.
Is there some built-in functionality in opnsense to activate this kind of e-mail notification? I activated Monit, but none of the built-in service alerts seems to relate to the IPS.
Thanks and best regards