This is basic, just can't find it

Started by starfox101, December 05, 2023, 05:14:44 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 05, 2023, 05:14:44 PM
detected 14 and blocked 11 potentially harmful activities according to your rules. How do I find the detected harmful activities? Figure out if I should block them.

Thanks
December 05, 2023, 05:19:30 PM #1
https://dash.zenarmor.com/firewalls/

Under Live sessions. Then apply what filters you want in order to see what was there.

Generally speaking, it only blocks what you choose to block. If there are other blockable connections, but you did not choose to block them, they will appear as "harmful".

E.g. I don't block proxies, so proxies will appear as "harmful", but they do not get blocked.
OPNsense HW:

Minisforum Venus series UN100C, 16 GB RAM, 512 GB SSD
T-bao N9N Pro, 16 GB RAM, 512 GB SSD
December 05, 2023, 06:20:38 PM #2
Thanks for the reply, I guess I'll have to figure out the filters.
December 06, 2023, 08:11:28 AM #3
Hi starfox101,
With the forthcoming release 1.16, the firewall dashboard will provide direct access to Live Sessions for "Blocked Threats" and "Detected Threats," expediting traffic analysis and threat detection.

A display will appear when you select the quantity of blocked threats, which is Threats Live Sessions filtering blocked connections. You can then simply exclude the Blocked filter in order to view detected threats that have not been blocked by selecting the equals (=) symbol on the applied filter parameter.

For more information:
https://www.zenarmor.com/docs/opnsense/reporting-analytics/live-session-explorer#adding-a-generic-filterexclusion-on-the-live-session-explorer

Bests
Print
Go Up Pages1
User actions