Send IPS alerts by e-mail

Started by opleksin, July 24, 2020, 06:57:51 PM

I successfully set up and configured IPS in OPNsense. If I try to open a TCP connection from inside my network to a host listed, e.g., in the ET botnet list, the connection is blocked and I get an alert. So far, so good.

The problem is: The alert shows up in the OPNsense web UI. I don't want to regularly check the web UI for alerts. If an alert happens, I'd like to be notified (by e-mail), so that I can investigate whether this is a security incident or a false positive.

Is there some built-in functionality in OPNsense to activate this kind of e-mail notification? I activated Monit, but none of the built-in service alerts seems to relate to the IPS.

Thanks and best regards


This is really handy. Have you managed to configure it?
DEC4240 – OPNsense Owner

Yes, but I find this more annoying than helpful.

...if you are not interested in what's going on in your network simply turn off suricata :-p

Carefully select your rulesets for your use case and turn off false positives over time. IPS is not a feature you turn on and forget about it...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

I agree if running IDS, but I'm running IPS. I want to block malicious traffic to my exposed systems.

I don't need notifications for any DShield blocks so I check that manually from day to day.