[DEC690EU, HowTo, Help Needed] Setup IDS for monitoring traffic on a double-NAT?

Started by Securytix, April 08, 2021, 05:48:38 PM

Hi2youAll!

This week I purchased an OPNsense DEC690EU and I'm kind of new, as an enthusiastic home user, to this kind of device, so please be patient with me....  ;)

Currently I have an existing double-NAT setup and I want to use the OPNsense box to monitor my traffic using IDS (maybe later on IPS) because I don't trust my current Ubiquiti hardware due to their breach.

My current setup:
Ubiquiti LAN -->  Ubiquiti Gateway (WAN) --> ISP Router LAN --> ISP Router WAN (internet).

My goal:
Ubiquiti LAN -->  Ubiquiti Gateway (WAN) --> OPNsense LAN --> OPNsense WAN --> ISP Router LAN --> ISP Router WAN (internet).

So, in short, I want to set up the OPNsense DEC690EU to monitor and use the IDS function to monitor what is actually happening (detect/monitor communication).

My noob Questions:
1 - Can I use the OPNsense box to achieve this?
2 - If yes, what is the best way to do this? (bridging ethernet ports, LAN to WAN setup? Setup steps to be taken?)
3 - Another option, mirror Ubiquiti gateway WAN and configure OPNsense in Promiscuous mode, somehow, for monitoring?
20210411: Option 3 seems to be working! (Services --> Intrusion Detection --> Administration --> Alerts, with et_telemetry.token activated and some User defined rules added. Mirrored a port on my Ubiquiti switch connected to the Ubiquiti gateway WAN and configured OPNsense LAN 3 as Promiscuous mode.)

Can anyone give me advice and point me in the right direction to get started? It would be highly appreciated!

Thanks in advance!

I enabled a LAN in Promiscuous mode and activated IDS (option 3). Can anyone tell me a simple way to test the IDS?

Option 3 seems to be working. Next step: setting OPNsense as IDS/IPS/Firewall (option 2).

Please advise!
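Option 3 only produces alerts if the mirrored port actually delivers other hosts' frames to the promiscuous OPNsense interface; an empty alert list can just as well mean the mirror or the promiscuous flag is not working. The following is an added example, not code from this thread or from OPNsense: it reads a pcap (as written by `tcpdump -w` on the sensor interface) and counts frames whose destination MAC is neither the sensor's own MAC nor broadcast. The sensor MAC and the sample frames are constructed for the example.

```python
import struct

SENSOR_MAC = "00:11:22:33:44:55"  # assumed MAC of the promiscuous LAN 3 port (constructed)

def pcap_frames(data: bytes):
    """Yield raw Ethernet frames from classic little-endian pcap bytes (magic 0xa1b2c3d4)."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic; only little-endian microsecond pcap handled")
    off = 24  # global header is 24 bytes
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)  # per-record header
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def mirror_stats(data: bytes, sensor_mac: str) -> dict:
    """Classify each frame by destination MAC: addressed to us, broadcast, or foreign.
    A working mirror on a promiscuous interface shows a non-zero 'foreign' count."""
    own = bytes.fromhex(sensor_mac.replace(":", ""))
    stats = {"total": 0, "own": 0, "broadcast": 0, "foreign": 0}
    for frame in pcap_frames(data):
        stats["total"] += 1
        dst = frame[:6]
        if dst == own:
            stats["own"] += 1
        elif dst == b"\xff" * 6:
            stats["broadcast"] += 1
        else:
            stats["foreign"] += 1
    return stats

def build_pcap(frames) -> bytes:
    """Build a minimal pcap (link type 1 = Ethernet) around the given frames; used for the sample."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return hdr + recs

def _frame(dst: str, src: str) -> bytes:
    """Constructed Ethernet frame: dst, src, IPv4 ethertype, dummy payload."""
    return bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", "")) + b"\x08\x00" + b"\x00" * 20

# Constructed capture: one frame to the sensor, one broadcast, two between other hosts.
SAMPLE_PCAP = build_pcap([
    _frame(SENSOR_MAC, "aa:bb:cc:dd:ee:01"),
    _frame("ff:ff:ff:ff:ff:ff", "aa:bb:cc:dd:ee:02"),
    _frame("aa:bb:cc:dd:ee:03", "aa:bb:cc:dd:ee:04"),
    _frame("aa:bb:cc:dd:ee:05", "aa:bb:cc:dd:ee:06"),
])

if __name__ == "__main__":
    print(mirror_stats(SAMPLE_PCAP, SENSOR_MAC))  # foreign == 0 would point at the mirror or promiscuous flag
```

To check a real capture, replace SAMPLE_PCAP with the bytes of a file written by `tcpdump -i <sensor interface> -w capture.pcap` on the OPNsense box and pass that interface's MAC.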