Sensei on OPNsense - Application based filtering

Started by mb, August 25, 2018, 03:38:14 AM

@donatom3, which devices would be out-of-scope is random and dependent on the memory state buffers. With device identification we'll enable users to select which devices to cover. For now, a higher tier would be more suitable. Also note that only IPv4 addresses count, so if you have a dual stack, it won't affect memory buffer limits.

Having said that, as a gratitude to our BETA users like you, we'll be providing a suitable discount for higher tiers so that it would still be in the lower tier price range. More on this next week.

@robvanhooren, can you try Sensei -> Configuration -> Reporting & Data -> Reset Reporting and see if that solves your problem? Make sure you don't have tmpfs enabled for /var directory.

rene, thank you very much for the feedback. We hope sensei will add more value in the future.

@Quetschwalze, many thanks for the feedback, glad that you loved Sensei. Yes, home subscription is coming late this week/early next week.

@mb, yes I had to wipe the database.

question: now that there is data to review, I see some sites are miscategorized.

how would you like to deal with reporting that, so it can be corrected? e.g., centos mirrors being declared malware/virus; opensubtitles.org being declared warez; etc....



November 23, 2019, 05:25:06 PM #633 Last Edit: November 23, 2019, 06:11:49 PM by robvanhooren
@mb (again) .....

just saw the SOHO pricing, $99/yr is very competitive.

the issue I see here is that with the explosion of IoT and other things in a household, 15 devices is just much too low for a home environment in 2019.

for example, my device count ('Unique Local Hosts' in the last 24hrs, according to the Sensei Dashboard) is 41.

per the current structure, that would cost ~$1200/yr, which is completely unreasonable.

no one in their right mind is going to spend two mortgage payments every year just to keep the Chinese out of their lightbulbs, the Russians out of their Alexas, the local stalkers and thieves out of their home security systems, and successfully divert accidental Japanese donkey porn away from their kids' surfing sessions, too; they shouldn't have to choose which subset of these goals can be achieved due to an arbitrarily-low device cap.

security is only as good as its weakest link, and if a home user has to pick which devices to cover with Sensei's gaze, and which ones to leave exposed to armageddon, then invariably they will be outfoxed.

while ad-hoc device coverage makes for good eye-candy, it's not particularly better than no coverage at all, because human beings are fallible and will inevitably pick combinations that leave attack vectors available.

would you consider raising the paid SOHO plan limit to 50?

-- this would put you at parity with e.g. the device cap of SophosXG Home (which is free, fwiw).

LOL maybe even one-up the Sophos folks & make it 51 -- just because you can. ;)

thanks!

(likely a big thanks from everyone!!  :) )

Engine Version:    1.1_4    
App DB Version:    1.1.1    
Rules DB Version:    1.1.1    

Reports / Security
{
  "error": {
    "root_cause": [
      {
        "type": "index_not_found_exception",
        "reason": "no such index",
        "resource.type": "index_or_alias",
        "resource.id": "alert_all",
        "index_uuid": "_na_",
        "index": "alert_all"
      }
    ],
    "type": "index_not_found_exception",
    "reason": "no such index",
    "resource.type": "index_or_alias",
    "resource.id": "alert_all",
    "index_uuid": "_na_",
    "index": "alert_all"
  },
  "status": 404
}


Errors also occur at Reports / Web
Although I cannot open view error message.

Furthermore since the update of sensei yesterday some sites aren't displayed fully with a running sensei.

After taking out the custom option in web controls from our hands, youtube not loading video after added in Auto Whitelist Hosts.
Maybe it's not a good idea to take feature after feature from the free version with every update after all...
Proxmox enthusiast @home, bare metal @work.

Quote from: Antaris on November 23, 2019, 08:44:27 PM
After taking out the custom option in web controls from our hands, youtube not loading video after added in Auto Whitelist Hosts.
Maybe it's not a good idea to take feature after feature from the free version with every update after all...

Same problem here, can't control anything anymore and have to allow everything. that's really bad!


And SOHO with 15 devices/ip addresses means 7 dual stack "devices" is really much too low, even for a one-person household.

If it's for free, you are not the customer, you are the product (or the beta tester...).

It's the Google principle: make them addictive for free, then start taking money for your stuff. That's the way it is these days.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

November 24, 2019, 05:16:06 PM #638 Last Edit: November 26, 2019, 12:40:39 AM by robvanhooren
@chemlud, not to distract from your rhetoric ..... I can't tell whether it was aimed @mb for Sensei, at Sophos for XG, at Deciso for opnsense itself, at Google because Evil(™), or just at everything and everyone in general :)

that said, the free = product is exactly what we have with the etPro-telemetry IPS option plugin here already (for example).

it's a consensual, opt-in model, and the quid pro quo is user data, in exchange for a better sigset from the vendor. the (hopefully GDPR-compliant?) data being exfiltrated to ProofPoint serves as substitute for an exchange of fiat currency in the transaction.

getting back on-topic to the thread ...

for the case of Sensei for home users, while the proposed price point is viable for that market segment, the SOHO paid version in the present circumstance is worse than the free version, due to a device cap that's way too low. so low as to be unusable in practice for anything other than non-serious demonstration purposes.

home users inclined to pay at all won't have issues paying $99/yr for a device count that's realistic for the current era.

15 was alright for 2004.
50 is reasonable for 2019.

Quote from: mb on November 23, 2019, 02:52:30 AM
@donatom3, which devices would be out-of-scope is random and dependent on the memory state buffers. With device identification we'll enable users to select which devices to cover. For now, a higher tier would be more suitable. Also note that only IPv4 addresses count, so if you have a dual stack, it won't affect memory buffer limits.

Having said that, as a gratitude to our BETA users like you, we'll be providing a suitable discount for higher tiers so that it would still be in the lower tier price range. More on this next week.

@MB Can't wait for the home/discounted licensing.

Once Sensei can be integrated with firewall and routing rules I'll be able to start selling management on OPNSense + Sensei as an alternate offering for our customers. So it will be good if I can show them what it can pick up and report on.

@donatom3, @robvanhooren and others, many thanks for the suggestion & feedback. All noted, and being worked on.

1.2 is almost there. Running final tests. Hope to ship it this week. Will be back with more news this week.

Here's what will be coming with 1.2:

Home Premium Subscription

  • Sensei Home Subscription goes live
  • In-App purchase option. You can now purchase Sensei Subscription easily through Sensei User Interface
  • Monthly and Yearly Subscription Options

Performance
  • UI responsiveness has been increased considerably

Reporting

  • Fully Customizable Dashboard. You can now choose which Charts get displayed in your Sensei Dashboard
  • Scheduled Reports are now available for Mongodb backend
  • Security Reports: "Block Message" added as a filter for Security Reports
  • Bug-fix: Mongodb autostart problem resolved
  • Bug-fix: Mongodb backend: Top Destinations Heatmap
  • Bug-fix: OPNsense Sensei Dashboard Widget fixed to handle an error condition

Other

  • Shortcut to Contact Sensei Team directly and easily from Sensei User Interface
  • A better and user friendly notification and warning interface
  • Bug-fix: Handle Hardware Check falsely reporting a low-device in some cases
  • Other performance and reliability improvements

Dear Sensei users,

As promised, 1.2 is out.  With this release, you can purchase Home Subscription through Sensei User Interface. Monthly or Annual subscription is possible. You'll also be able to purchase the annual home subscription from the OPNsense webshop in a few days.

Other important improvements with 1.2:


  • UI responsiveness has improved a lot. This is due to an optimization.
  • Fully Customizable Dashboard. You can now choose which Charts get displayed in your Sensei Dashboard
  • Mongodb backend fixes

For a full feature list, please see: https://www.sunnyvalley.io/post/sensei-home-for-opnsense

We've received a lot of feedback about how we could be structuring the Home Edition. I would like to thank all of you. Thanks to this feedback, including @robvanhooren's comments, we've increased the device limit to 50 devices valid till January 1, 2020.

It looks like we need to work more on this. Please feel free to reach out to us at sensei -at- sunnyvalley.io and provide feedback.

At Sunny Valley Networks, our vision is to provide advanced persistent protection for everyone and everything. I hope this marks another milestone in realizing our objective.

Enjoy :)

November 29, 2019, 10:29:58 PM #642 Last Edit: November 29, 2019, 10:31:52 PM by robvanhooren
thanks @mb

@admins, has Sensei grown enough to graduate to its own (sub)forum here? perhaps under the IDS category. :)

@mb this is great. The 50 device home limit should work for me depending on how sensei handles things. Even better that I can purchase right through the interface and use google pay to pay.

November 30, 2019, 10:26:08 AM #644 Last Edit: November 30, 2019, 11:14:57 AM by l0rdraiden
Quote from: robvanhooren on November 23, 2019, 05:25:06 PM
@mb (again) .....

just saw the SOHO pricing, $99/yr is very competitive.

the issue I see here is that with the explosion of IoT and other things in a household, 15 devices is just much too low for a home environment in 2019.

for example, my device count ('Unique Local Hosts' in the last 24hrs, according to the Sensei Dashboard) is 41.

per the current structure, that would cost ~$1200/yr, which is completely unreasonable.

no one in their right mind is going to spend two mortgage payments every year just to keep the Chinese out of their lightbulbs, the Russians out of their Alexas, the local stalkers and thieves out of their home security systems, and successfully divert accidental Japanese donkey porn away from their kids' surfing sessions, too; they shouldn't have to choose which subset of these goals can be achieved due to an arbitrarily-low device cap.

security is only as good as its weakest link, and if a home user has to pick which devices to cover with Sensei's gaze, and which ones to leave exposed to armageddon, then invariably they will be outfoxed.

while ad-hoc device coverage makes for good eye-candy, it's not particularly better than no coverage at all, because human beings are fallible and will inevitably pick combinations that leave attack vectors available.

would you consider raising the paid SOHO plan limit to 50?

-- this would put you at parity with e.g. the device cap of SophosXG Home (which is free, fwiw).

LOL maybe even one-up the Sophos folks & make it 51 -- just because you can. ;)

thanks!

(likely a big thanks from everyone!!  :) )

@mb

He is totally right. I have IoT at home so I have more than 50 IPs to control and we are 3 in the house and one of them is a kid 3 years old, so the home plan is not for me.
The home version is already limited in features to consider it for an enterprise use, in fact it is hard to consider opnsense for enterprise use. So I wouldn't limit the home version based on number of devices, it's already limited in must have enterprise features.

In addition I consider the price a little bit high considering you have sophos XG home edition for free or that you can build something similar in terms of protection with pfblockerng.

By the way Sophos XG Home edition has no limit in IPs or devices, the only limit is that it only uses 4 Cores and 6 GB of RAM.

For less than 30$ per year I would think about it but considering that Sophos XG home edition is free...., or maybe 100$ for a lifetime plan for home users.