I recently wrote a diary on the SANS Internet Storm Center about updating the DShield pfSense client.

Please click here to read the full diary entry. Alternatively, the diary is reposted in full below.

The SANS Internet Storm Center (ISC) developed the DShield pfSense client in 2017 [1] to support the ingestion of pfSense firewall logs into the DShield project. The pfSense project has also evolved over the years, with some changes in the offerings [2]. With the advent of pfSense Community Edition (CE) 2.7.0 [3, 4] and pfSense Plus 23.01, updates to the DShield client were required to fix unintended issues.

I am pleased to share that the DShield pfSense client has been updated and tested to be working* with pfSense CE 2.7.0 Release Candidate (RC) (just in time before pfSense CE 2.7.0-RELEASE is released on the targeted date of June 29, 2023), pfSense Plus 23.01-RELEASE as well as pfSense CE 2.6.0-RELEASE. To take a look at the DShield pfSense client, please visit the GitHub repository here [5]. If you are a pfSense user and would like to participate in the DShield project, please refer to my previous diary [6] for the steps required to set it up.

[* This release would not have been possible without the understanding and support of my employers (JT Consultancy & Management Pte. Ltd. and ASSET Research Group) that kindly allowed me to work on this quickly to resolve issues faced by the DShield pfSense users. I would also like to thank my colleagues, Hamilton Chan and Yong Xian Ng, for their kind assistance and support rendered in this release.]

1. https://github.com/jullrich/dshieldpfsense/commit/13a891e5ba4ee86c3a35fea4dcda24cf8107e39b
2. https://www.netgate.com/blog/announcing-pfsense-plus
3. https://www.netgate.com/blog/pfsense-rc-2.7.0-and-23.05.1
4. https://www.netgate.com/blog/pfsense-2.7.0-and-23.05
5. https://github.com/jullrich/dshieldpfsense
6. https://poppopretn.com/2021/03/25/sans-infosec-handlers-diary-blog-submitting-pfsense-firewall-logs-to-dshield/
