To make full use of the IPS system, an appliance with an SSD drive is required to store the rules and log alerts.
All available rule categories can easily be selected and applied with their defaults or custom settings.
The alerts are searchable within the user interface. Full details about the alert can be displayed.
Emerging Threats ETOpen Ruleset
OPNsense has integrated support for ET Open rules. The ETOpen Ruleset is an excellent anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection.
Abuse.ch offers several blacklists for protecting against fraudulent networks.
OPNsense has integrated support for SSL Blacklist (SSLBL), a project maintained by abuse.ch. The goal is to provide a list of “bad” SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists.
Feodo (also known as Cridex or Bugat) is a Trojan used to commit e-banking fraud and steal sensitive information from the victim's computer, such as credit card details or credentials. At the moment, Feodo Tracker is tracking four versions of Feodo.
Maxmind GeoLite2 Country
OPNsense has integrated GeoLite2 Country database support. GeoLite2 databases are free IP geolocation databases comparable to, but less accurate than, MaxMind’s GeoIP2 databases. GeoLite2 databases are updated on the first Tuesday of each month.
OPNsense includes a very polished solution to block protected sites based on their SSL fingerprint.
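As an added illustration of the fingerprint matching the SSLBL and SSL-fingerprint blocking features above rely on (example code, not OPNsense or abuse.ch code): the fingerprint is the SHA1 digest of the certificate's DER encoding, and the lookup has to tolerate the colon-separated, upper-case form the list uses. The CSV column layout (Listingdate,SHA1,Listingreason) and the sample entry are assumptions; the bytes b"abc" stand in for a real DER certificate.

```python
"""SHA1 certificate fingerprint lookup against an SSLBL-style blocklist.
Added example; not OPNsense or abuse.ch code."""
import base64
import csv
import hashlib
import re

# Constructed sample list in the assumed SSLBL CSV layout. The fingerprint
# is SHA1("abc"), standing in for a real malicious certificate's digest.
SAMPLE_SSLBL_CSV = """\
# Listingdate,SHA1,Listingreason
2024-01-01 00:00:00,A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D,Feodo C&C (constructed)
"""

_PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def normalize_fingerprint(fp: str) -> str:
    """Lower-case hex with separators removed, so 'AA:BB' and 'aabb' compare equal."""
    digest = re.sub(r"[^0-9a-fA-F]", "", fp).lower()
    if len(digest) != 40:
        raise ValueError(f"not a SHA1 fingerprint: {fp!r}")
    return digest


def to_der(cert: bytes) -> bytes:
    """Accept PEM or DER input; the listed fingerprint is taken over DER bytes."""
    match = _PEM_RE.search(cert)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    return cert


def sha1_fingerprint(cert: bytes) -> str:
    """SHA1 hex digest of the DER-encoded certificate, as SSLBL lists it."""
    return hashlib.sha1(to_der(cert)).hexdigest()


def load_sslbl(csv_text: str) -> dict:
    """Map normalized fingerprint -> listing reason, skipping '#' comment lines."""
    rows = (ln for ln in csv_text.splitlines() if ln and not ln.startswith("#"))
    return {normalize_fingerprint(fp): reason for _date, fp, reason in csv.reader(rows)}


def check_certificate(cert: bytes, blocklist: dict):
    """Return the listing reason if the certificate is on the list, else None."""
    return blocklist.get(sha1_fingerprint(cert))


if __name__ == "__main__":
    # b"abc" is a constructed stand-in; a real check reads the .der or .pem file.
    print(check_certificate(b"abc", load_sslbl(SAMPLE_SSLBL_CSV)))
```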