OPNsense Integration Guide


OPNsense must be configured to send logs via Syslog to the Taegis™ XDR Collector. Logs are filtered and correlated in real-time for various security event observations.

Follow the instructions below to configure logging and enable monitoring by Secureworks® Taegis™ XDR.

Connectivity Requirements

| Source | Destination | Port/Protocol |
| --- | --- | --- |
| OPNsense Firewall | Taegis™ XDR Collector (mgmt IP) | UDP/514 |

Data Provided from Integration

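|   | Antivirus | Auth | DHCP | DNS | Email | Encrypt | File | HTTP | Management | Netflow | NIDS | Process | Thirdparty |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OPNsense Firewall |   |   |   |   |   |   |   |   |   | D |   |   |   |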

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

Taegis™ XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Configuration Instructions

Within the OPNsense console, navigate to System > Settings > Logging / targets.

  1. Select Add and create a new destination entry as follows:

     [Figure: Destination for FilterLog]

  2. Select Save to save the destination entry.
  3. Select Apply to apply the logging configuration.

Your OPNsense appliance is now logging to Secureworks® Taegis™ XDR.

Note

OPNsense filterlog events are normalized as Secureworks® Taegis™ XDR Sensor Type pfSense Firewall.
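
To check what the new destination forwards, the following added example (not part of the original guide, and not Secureworks or OPNsense code) parses syslog lines such as those captured on UDP/514 and separates filterlog events from other applications' messages. The CSV field order is an assumption based on the pf filterlog format and is not stated on this page; the sample lines, host name and addresses are constructed.

```python
import re

# Leading fields of every filterlog record (assumed order, from the pf
# filterlog CSV layout; this page does not document the format).
COMMON = ["rulenr", "subrulenr", "anchor", "rid", "interface",
          "reason", "action", "dir", "ipversion"]
# IPv4 header fields that follow when ipversion == "4" (assumed order).
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags",
        "protonum", "protoname", "length", "src", "dst"]

# Matches "filterlog[pid]:" (RFC 3164) or "filterlog pid msgid sd" (RFC 5424).
TAG = re.compile(r"\bfilterlog(?:\[\d+\]:| \d+ \S+ (?:-|\[.*?\]))\s+(?P<csv>\S.*)$")

def parse_filterlog(line):
    """Return a dict of fields, or None if the line is not a filterlog event."""
    m = TAG.search(line)
    if not m:
        return None
    parts = m.group("csv").split(",")
    if len(parts) < len(COMMON):
        return None  # truncated record
    rec = dict(zip(COMMON, parts))
    rest = parts[len(COMMON):]
    if rec["ipversion"] == "4" and len(rest) >= len(IPV4):
        rec.update(zip(IPV4, rest))
        l4 = rest[len(IPV4):]
        # TCP and UDP records continue with source port, destination port.
        if rec["protoname"] in ("tcp", "udp") and len(l4) >= 2:
            rec["srcport"], rec["dstport"] = int(l4[0]), int(l4[1])
    return rec

def check_capture(lines):
    """Return (filterlog records, count of lines from other applications)."""
    records = [r for r in map(parse_filterlog, lines) if r is not None]
    return records, len(lines) - len(records)

# Constructed sample lines (documentation address ranges, made-up rule ids).
SAMPLES = [
    '<134>May  1 12:00:00 fw.example.test filterlog[4321]: 82,,,0123456789abcdef0123456789abcdef,igb0,match,block,in,4,0x0,,64,1234,0,DF,6,tcp,60,198.51.100.7,192.0.2.10,51514,22,0,S,1000,,64240,,mss',
    '<134>1 2023-05-01T12:00:01+00:00 fw.example.test filterlog 4321 - [meta sequenceId="7"] 90,,,fedcba9876543210fedcba9876543210,igb1,match,pass,out,4,0x0,,63,4321,0,none,17,udp,76,192.0.2.10,203.0.113.53,40000,53,56',
    '<30>May  1 12:00:02 fw.example.test dhcpd[99]: DHCPACK on 192.0.2.50',
]

if __name__ == "__main__":
    records, other = check_capture(SAMPLES)
    for r in records:
        print(r["action"], r["dir"], r["interface"], r["src"], "->", r["dst"], r.get("dstport"))
    print("non-filterlog lines:", other)
```

A non-zero count of non-filterlog lines in a real capture indicates the destination is forwarding more than the filterlog application.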

 
