Author Topic: Send IPS alerts by e-mail (Read 2750 times)

opleksin · « **on:** July 24, 2020, 06:57:51 pm »

I successfully set up and configured IPS in opnsense. If I try to open a TCP connection from inside my network to a host listed, e.g., in the ET botnet list, the connection is blocked and I get an alert. So far, so good.

The problem is: The alert shows up in the opnsense web UI. I don't want to regularly check the web UI for alerts. If an alert happens, I'd like to be notified (by e-mail), so that I can investigate whether this is a security incident or a false positive.

Is there some built-in functionality in opnsense to activate this kind of e-mail notification? I activated Monit, but none of the built-in service alerts seems to relate to the IPS.

Thanks and best regards

mimugmail · « **Reply #1 on:** July 25, 2020, 07:57:47 am »

https://github.com/opnsense/docs/blob/master/source/manual/monit.rst

Example 3

Julien · « **Reply #2 on:** August 19, 2020, 11:28:48 pm »

This is really handy have you managed to configure it ?

XeroX · « **Reply #3 on:** August 23, 2020, 12:06:44 am »

Yes, but I find this more annoying than helpful.

chemlud · « **Reply #4 on:** August 23, 2020, 11:45:00 am »

...if you are not interested in what's going on in your network simply turn off suricata :-p

Carefully select your rulesets for your use case and turn off false positives ove time. IPS is not a feature you turn on and forget about it...

XeroX · « **Reply #5 on:** August 23, 2020, 02:57:35 pm »

I agree if running IDS, but I'm running IPS. I want to block malicous traffic to my exposed systems.

I don't need notifications for any DShield blocks so I check that manually from day to day.

Author Topic: Send IPS alerts by e-mail (Read 2750 times)

opleksin

Send IPS alerts by e-mail

mimugmail

Re: Send IPS alerts by e-mail

Julien

Re: Send IPS alerts by e-mail

XeroX

Re: Send IPS alerts by e-mail

chemlud

Re: Send IPS alerts by e-mail

XeroX

Re: Send IPS alerts by e-mail