IPS UI #976

Open
gsanchietti opened this issue Dec 13, 2024 · 1 comment
Labels
milestone goal 👑 This describes an announced milestone goal testing Packages are available from testing repositories

Comments

@gsanchietti
Member

gsanchietti commented Dec 13, 2024

Create a UI for Snort IPS.


Issue progress:


PRs:


Settings page:

  • Enable/disable service
  • Select rule policy: "connectivity", "balanced", "security"
  • Manage oinkcode (subscription key)
  • List of disabled rules

Bypass IPS page:

  • Add local IPv4/IPv6 addresses to bypass IPS
  • Options: direction (source/destination), type (IPv4/IPv6), address

Event list page:

  • Display current day's events
  • Disable or suppress rule by clicking:
    • Disable: add to disabled list (SID, optional description)
    • Suppress: add to suppression list (SID, direction, IP/CIDR, optional description)

Monitoring:

  • Add charts to local monitoring page and controller monitoring page
  • Show: number of rules, last download time
  • Dashboard: show IPS status

References:

@github-project-automation github-project-automation bot moved this to ToDo 🕐 in NethSecurity Dec 13, 2024
@gsanchietti gsanchietti added the milestone goal 👑 This describes an announced milestone goal label Dec 13, 2024
@gsanchietti gsanchietti added this to the NethSecurity 8.5 milestone Dec 13, 2024
@Tbaile Tbaile self-assigned this Jan 9, 2025
@Tbaile Tbaile moved this from ToDo 🕐 to In Progress 🛠 in NethSecurity Jan 9, 2025
@Tbaile
Contributor

Tbaile commented Jan 22, 2025

  • TODO: DOCS

QA Image: 23.05.5-ns.1.4.1-35-gf37cff24a

  • Dashboard: Check that IPS status is correctly displayed in the dashboard card
  • IPS -> Event List: when disabled, ensure there's a link that sends you to the settings page
  • IPS -> Settings: Enable the service, save and commit changes, check that the file /var/ns-snort/snort3-community-rules.tar.gz exists (download might take a few seconds)
  • IPS -> Settings: Add an oinkcode, save and commit changes, check that the file /var/ns-snort/snortrules-snapshot-31470.tar.gz exists (download also might take a few seconds)
  • IPS -> * : Check that in the tables that show GID:SID, a link will send you to snort documentation (just one is enough)
  • IPS -> Filter Bypass: Check that adding a bypass is possible, and that both IPv4 and IPv6 addresses are validated correctly.
  • IPS -> Filter Bypass: Check that deleting a bypass is possible.
  • IPS -> Disable Rule: Check that disabling a rule is possible
  • IPS -> Disable Rule: Check that deleting a rule is possible
  • IPS -> Suppress Alert: check that it's possible to suppress an alert, and that it can be deleted.

The following tests are provided in case you have the tools and the environment ready to actually test that snort alerts and drops packets.

  • IPS -> Event List: check that you can trigger a drop or alert, and it's correctly displayed in the table
  • IPS -> Event List: check that it's possible to disable a rule and create a suppression from the event table

@Tbaile Tbaile removed their assignment Jan 23, 2025
@Tbaile Tbaile added the testing Packages are available from testing repositories label Jan 23, 2025
@nethbot nethbot moved this from In Progress 🛠 to Testing in NethSecurity Jan 23, 2025
Projects
Status: Testing