Messages

1

Intrusion Detection and Prevention / Re: How to filter alerts to show things that weren't "action: allowed"

« on: May 29, 2024, 11:23:44 am »

I've searched for blocked and found nothing. Is it statistically likely my LAN interface'd have no blocked traffic, or do I perhaps need to consider what's enabled, rule wise (I have defaults atm).

2

Intrusion Detection and Prevention / Re: How to filter alerts to show things that weren't "action: allowed"

« on: May 29, 2024, 11:22:12 am »

Thanks, I'll give that a go ... wasn't sure if there were other actions besides "Allowed", and if it had field specific search I should use.

3

Intrusion Detection and Prevention / How to filter alerts to show things that weren't "action: allowed"

« on: May 26, 2024, 07:58:06 am »

Hey folks,

Relatively new user to OPNsense + Suricata/IDS. Previously had an Asus router running third party firmware, so have come across from the Linux side of the force, to BSD with this.

If I go to:
Services -> Intrusion Detection -> Alerts
... I can see the most recent events, and there's a search box.

One of the columns is "Action", and the vast bulk of entries I see are "Allowed". I wondered if there was a way to filter this list to show me what has been acted upon in some way besides "Allowed"?