ET Telemetry Edition having problems?

Started by JohnDoe17, September 10, 2021, 08:54:50 PM

I am running 21.1.9, and I've had the ET Telemetry Edition working fine for several months.  But in the last couple of days, the Dashboard widget is just spinning when it is trying to get status from Proofpoint.

When I look in the Intrusion Detection > Download tab, my Abuse.ch rule sets are downloading and updating fine.  Only the ET rule sets are not downloading on schedule.

At first I chalked this up to a temporary issue on Proofpoint's side (and maybe it still is), but it's dragged on for a couple of days now and I thought it was time to ask if any others are seeing this...

Thanks.

Hi,

I'm experiencing similar problems on 21.7.2_1-amd64. General log only mentions "connection error sending heartbeat to https://opnsense.emergingthreats.net/api/v1/telemetry"

Problem for me started on 09-09 (but that was after an update).

The problem seems to be resolved with my instance.


We forwarded the report(s) to Proofpoint about issues with that URL last week.  I'll follow up with a response as soon as we have it.


Cheers,
Franco

Thanks, Franco and OPNsense team for passing this on to Proofpoint.

Like @joeyboon said, the "connection error sending heartbeat to https://opnsense.emergingthreats.net/api/v1/telemetry" issue appears to be back.

Edit:  Anxious to hear about a resolution.

JD17

Thanks for the reply! The log messages are a bit more detailed now:

unexpected result from https://opnsense.emergingthreats.net/api/v1/telemetry (http_code 502)

Hopefully this helps.

Connectivity issue was fixed some time in the last 24 hours we've been told. Can you guys confirm it's working as expected again?


Thanks,
Franco

Yes, the issues seem to be resolved for me - at least, the heartbeats are going through now apparently.  Not sure how often the ET Pro Telemetry edition rules themselves are revved from Proofpoint's side, but the last set of rules the firewall downloaded were going on 16 hours old when I just checked (I have the firewall configured to download fresh rule sets every 6 hours).

Thanks for the help!

It might be updated every 24 hours but I'm not sure.

Thanks for the feedback! :)


Cheers,
Franco

@franco! Thanks for looking into this! The issue seems to be resolved :) Thanks again!

September 20, 2021, 09:11:37 PM #11 Last Edit: September 21, 2021, 06:00:14 PM by JohnDoe17
Well... the heartbeats work as I reported a few days ago, but the ET Pro Telemetry rules have *NOT* been updated since September 18th.

Neither the "Services > Intrusion Detection > Log File" nor the "System > Log Files > General" indicate there is any error downloading new rules.  Frankly it just looks like they haven't updated them for a few days.

Is Proofpoint still supporting the "ET Pro Telemetry" edition rules?

Thanks.

JD17

Edit: Added the missing word "*NOT*" in the first sentence.  It was kind of important, lol.

Perhaps this has been resolved too...?  I did get an updated set of rules on Monday - finally.

October 14, 2021, 12:50:28 PM #13 Last Edit: October 16, 2021, 07:47:42 PM by abulafia
Maybe new problem: Since yesterday, my Suricata instance (on 21.7.3_3) no longer updates the rules - neither the cron job nor a manual "Download & update rules" does anything.

I added a few rule categories yesterday and "enabled" and "saved" them. Since then -> downloads don't work.

--

EDIT: The issue was the "OPNsense-App-detect/test" rule. Once I disabled that, the rules would download again.