However, when navigating to ‘decisions’ there are none displayed but this message:
You currently have no active decisions
To send and receive decisions, ensure your security engine is at least version 1.6.0. You can use cscli to check your version.
The engine is on 1.6.3 running as plugin of OPNsense.
There both service and bouncer are marked with
Also on OPNsense the tab ‘alerts’ displays the same alerts, but again no decisions visible on tab ‘decisions’
So this generally means there was a decision that was taken, however, the decisions tab only shows active decisions and since they are not shown they have expired.
Well have you customise the deployment? Because by default we only take 4 hour bans, so if you sure you haven’t changed it then I’m sure that what happened.
Take a look at the post installation section about the profiles
As stated it shows active only so if they expired then it will not show there
Thanks for clarifying. That is interesting, because to me ‘alerts’ are the most recent events and a tab called ‘decisions’ implied to me to see all corresponding decisions, like a history. You might wanna consider to clarify this already in UI. A quick fix would be a little note displaying: ‘This tab shows active decisions only.’ Optional: including the set ban time. Also a real history of past decisions in UI would be really cool. At least for noobs like me
Yeah I agree, 1 decision doesnt give you any context to the information. So we purpose that we say 1 Active decision and 1 Expired decision on the alerts page. However, I can also see value in the decisions tab keeping context, the only issue is the current design groups decisions based on ip addresses so you may see information overload if you see all that information. Plus the page is currently not paginated or searchable so if you have alot of information it can take a while to load
Yup. UX improvements on UI can be made. A possible iteration with small dev effort could be:
‘N decision’ as a label on the alerts overview tab, but linking to the decisions tab.
On decisions tab: display a message that these are only active decisions and no decision archive.
ideas for future iterations for decision tabs:
split between active and past decisions
search
filter
pagination
…
But dont listen to me... conduct user testing :slight_smile: Its also questionable what you would like to (re)build in web UI if there are potential solutions for pro users with prometheus / grafana already. that depends of course on your roadmap and priority users.
A quick fix would be a little note displaying: ‘This tab shows active decisions only.’ Optional: including the set ban time. Also a real history of past decisions in UI would be really cool. At least for noobs like me 