ET Pro Telemetry heartbeats not working

Started by Headless1919, December 23, 2019, 10:34:03 AM

Hi everyone, new user to OPNsense here. I'm hoping someone can help me shed some light on this problem... I have a token for the ET Pro telemetry rules, and there are events occurring, but the heartbeats are no longer being sent for some reason.

When checking the logs, all I see is the below:

/send_heartbeat.py: unexpected result from https://opnsense.emergingthreats.net/api/v1/telemetry (http_code 404)

Does anyone have any suggestions as to how to fix this? My sensor will eventually go into dormant/disabled if not fixed.

Same issue here, looks like the service has been down on their side for several days...
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet

Quote from: siga75 on December 25, 2019, 06:32:00 AM
Same issue here, looks like the service has been down on their side for several days...

Thank you for that, glad it's not only me. I have tested the name resolution, routing, etc. and everything is correct... 404 indicates not found, so I would suspect something is wrong on the other end.

My last heartbeat was Fri Dec 20 20:22:52 +0200 2019

Proofpoint's rule service isn't down (new rules are being served properly it seems), but there might be an issue with their heartbeat stream. I'll send them an email and ask about it.

Quote from: AdSchellevis on December 25, 2019, 12:23:28 PM
Proofpoint's rule service isn't down (new rules are being served properly it seems), but there might be an issue with their heartbeat stream. I'll send them an email and ask about it.

Thank you, I believe you are correct as my rules updated yesterday morning. Just the heartbeats which seem to be an issue.

Thanks!

Yeah, rules get downloaded.

Heartbeat and send_telemetry do not work.

They know there's something called "monitoring"?

I mean, the service hasn't been working for DAYS...

OK, it's free (in exchange for some data, which is fair), OK, rules still get downloaded.

Still this keeps me astonished, where I work I am called during the night (even on holidays) if our monitoring detects issues related to my area (unix). Same for every area of service.

And I wonder now how good a service can be when it is provided by people who take days to recover a service.

December 26, 2019, 08:53:19 PM #7 Last Edit: December 26, 2019, 09:09:23 PM by AdSchellevis
Although it's not our service, I would like to comment on the suggestion that it was down, which isn't correct (as mentioned before).

Rules are being published and delivered properly (as far as I know, I haven't seen proof of anything else).

Complaining about a service (no matter if it's free or paid), without knowledge of the details, feels silly and not very constructive. For all you know Proofpoint might monitor crucial areas of the service actively and non-vital parts less frequently, issues might occur only in specific scenarios, etc, etc.... just saying, context is important.

Best regards,

Ad

Quote from: AdSchellevis on December 26, 2019, 08:53:19 PM
Complaining about a service (no matter if it's free or paid), without knowledge of the details, feels silly and not very constructive. For all you know Proofpoint might monitor crucial areas of the service actively and non-vital parts less frequently, issues might occur only in specific scenarios, etc, etc.... just saying, context is important.

It's not silly and I am not complaining, it was just a consideration.
They are losing a huge amount of "precious" data, if this is not crucial for them, maybe this data is not so well investigated, and this makes me wonder about the quality of the signatures.
I don't know the details simply because they didn't even send an email, and they should have warned us, since we have the logs full with entries every 1 minute.

Not going to spend more time on this, but how would they send you an email if they don't know who you are... https://docs.opnsense.org/manual/etpro_telemetry.html

If I read the error message correctly, the endpoint in your case isn't about actual statistics gathering (which you can easily validate by reading the also public source).

Jumping to conclusions (about the quality of signatures) so easily is again not very constructive and considered harmful for those involved.

Best regards,

Ad

Quote from: AdSchellevis on December 27, 2019, 09:39:21 AM
Not going to spend more time on this, but how would they send you an email if they don't know who you are... https://docs.opnsense.org/manual/etpro_telemetry.html

If I read the error message correctly, the endpoint in your case isn't about actual statistics gathering (which you can easily validate by reading the also public source).

Jumping to conclusions (about the quality of signatures) so easily is again not very constructive and considered harmful for those involved.

Best regards,

Ad

For what it is worth, I am in full agreement with you - the service itself is working, rules are being served etc., just heartbeats. I am not entirely sure as to where the heartbeats fit into the picture - would I be correct in saying that they allow ET to see which sensors are active/streaming?

Additional question: was I correct to report this here, or should I have reached out to ET directly?

It's no problem at all to report it here, we can pass the message if needed.

Quote from: AdSchellevis on December 27, 2019, 09:39:21 AM
Not going to spend more time on this, but how would they send you an email if they don't know who you are... https://docs.opnsense.org/manual/etpro_telemetry.html

If I read the error message correctly, the endpoint in your case isn't about actual statistics gathering (which you can easily validate by reading the also public source).

Jumping to conclusions (about the quality of signatures) so easily is again not very constructive and considered harmful for those involved.

Best regards,

Ad

I will also stop wasting time, I think my point was not so hard to understand...

BTW: they have my email, since I registered

Quote from: AdSchellevis on December 27, 2019, 12:53:16 PM
It's no problem at all to report it here, we can pass the message if needed.

Thank you Ad, I appreciate the guidance.

Update: looks like it is working again

Last heartbeat
Fri Dec 27 21:28:58 +0200 2019