OPNsense

Author Topic: Help request: how to compose a policy in the right way  (Read 1911 times)

Northguy

« on: October 14, 2021, 12:37:51 pm »
Hi guys,

Who can help me figure out what I am doing wrong in configuring a policy?

Use case:
* Enabled IPS
* Enabled ET telemetry/emerging-web_client
* Created a policy to drop instead of alert
 - Selected appropriate rulesets
 - Modified yellow highlighted fields (see screenshot)
 - Selected nothing for remaining fields (assuming this means 'all selected')
* Tested ET telemetry/emerging-web_client with a payload from https://www.wicar.org/test-malware.html

Result:
* Alert is raised, but threat is allowed, not dropped

Screenshots:
See attached

