Author Topic: This is basic, just can't find it (Read 1257 times)

starfox101 · « **on:** December 05, 2023, 05:14:44 pm »

detected 14 and blocked 11 potentially harmful activities according to your rules. How do I find the detected harmful activities? Figure out if I should block them.

Thanks

almodovaris · « **Reply #1 on:** December 05, 2023, 05:19:30 pm »

https://dash.zenarmor.com/firewalls/

Under Live sessions. Then apply what filters you want in order to see what was there.

Generally speaking, it only blocks what you choose to block. If there are other blockable connections, but you did not choose to block them, they will appear as "harmful".

E.g. I don't block proxies, so proxies will appear as "harmful", but they do not get blocked.

starfox101 · « **Reply #2 on:** December 05, 2023, 06:20:38 pm »

Thanks for the reply, I guess I'll have to figure out the filters.

beki · « **Reply #3 on:** December 06, 2023, 08:11:28 am »

Hi starfox101,
With the forthcoming release 1.16, the firewall dashboard will provide direct access to Live Sessions for "Blocked Threats" and "Detected Threats," expediting traffic analysis and threat detection.

A display will appear when you select the quantity of blocked threats, which is Threats Live Sessions filtering blocked connections. You can then simply exclude the Blocked filter in order to view detected threats that have not been blocked by selecting the equals (=) symbol on the applied filter parameter.

For more information:
https://www.zenarmor.com/docs/opnsense/reporting-analytics/live-session-explorer#adding-a-generic-filterexclusion-on-the-live-session-explorer

Bests

Author Topic: This is basic, just can't find it (Read 1257 times)

starfox101

This is basic, just can't find it

almodovaris

Re: This is basic, just can't find it

starfox101

Re: This is basic, just can't find it

beki

Re: This is basic, just can't find it