"
I've searched for blocked and found nothing. Is it statistically likely my LAN interface'd have no blocked traffic, or do I perhaps need to consider what's enabled, rule wise (I have defaults atm).
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
Intrusion Detection and Prevention / Re: How to filter alerts to show things that weren't "action: allowed"
May 29, 2024, 11:23:44 AM #2
Intrusion Detection and Prevention / Re: How to filter alerts to show things that weren't "action: allowed"
May 29, 2024, 11:22:12 AM
Thanks, I'll give that a go :) ... wasn't sure if there were other actions besides "Allowed", and if it had field specific search I should use.
#3
Intrusion Detection and Prevention / How to filter alerts to show things that weren't "action: allowed"
May 26, 2024, 07:58:06 AM
Hey folks,
Relatively new user to OPNsense + Suricata/IDS. Previously had an Asus router running third party firmware, so have come across from the Linux side of the force, to BSD with this.
If I go to:
Services -> Intrusion Detection -> Alerts
... I can see the most recent events, and there's a search box.
One of the columns is "Action", and the vast bulk of entries I see are "Allowed". I wondered if there was a way to filter this list to show me what has been acted upon in some way besides "Allowed"?
Relatively new user to OPNsense + Suricata/IDS. Previously had an Asus router running third party firmware, so have come across from the Linux side of the force, to BSD with this.
If I go to:
Services -> Intrusion Detection -> Alerts
... I can see the most recent events, and there's a search box.
One of the columns is "Action", and the vast bulk of entries I see are "Allowed". I wondered if there was a way to filter this list to show me what has been acted upon in some way besides "Allowed"?
Pages1
