Snort ET scan detectors only half way working
-
Hello fellow Netgate community,
I am running into a new issue can you please help? Something has disabled the ET emerging threats scan options for nmap scans and other scans that would show blocked every couple days. Recently I have not seen any. Has anyone else noticed that ET scans are no longer detected and being stopped at the firewall level?
Normally when the firewall sees a scan it will block the IP address of it's origin. I get many of them from out of the country with blocks of IP address matching other nation states.
The system seems to prune parts of snort automatically. The firewall is no longer blocking the scans of my firewall.
-
@jonathanlee the baseline has about 3 every morning that show and about 2 in the day time.
Image: I use to see a lot more nmap scans caught during the night