Intrusion Detection and Prevention / IPS only shows allowed actions in alerts
« on: January 23, 2019, 09:25:36 am »
Hello
I'm still on 18.7.9 and Suricata 4.0.6. I followed the instructions on https://wiki.opnsense.org/manual/how-tos/ips-feodo.html and am downloading all abuse.ch rules daily via cron. I also enabled them and changed Filter to drop. If I check my alerts, I can only find log entries with action allowed. I can't find a single blocked action. Strange.
Does my IPS really do its job? How can I test it and force a blocked action?
Thank you very much for your help.
Greetings,
Manuel