Manage Custom Rules in Snort 3

Custom rules that are uploaded in the system have to be added to an intrusion policy and enabled to enforce those rules on the traffic. You can enable the uploaded custom rules across all policies or selectively on individual policies.

Follow the steps to enable custom rules in one or many intrusion policies:

Procedure

Step 1

Choose Objects > Intrusion Rules.

Step 2

Click Snort 3 All Rules tab.

Step 3

Expand Local Rules.

Step 4

Select the required rule group.

Step 5

Select the rules by checking the check boxes next to them.

Step 6

Select Per Intrusion Policy from the Rule Actions drop-down list.

Step 7

Choose:

  • All Policies—to have the same rule actions for all the rules to be added.

  • Per Intrusion Policy—to have different rule actions for each intrusion policy.

Step 8

Set the rule actions:

  • If you selected All Policies in the previous step, then select the required rule action from the Select Override state drop-down list.

  • If you selected Per Intrusion Policy in the previous step, then select the Rule Action against the policy name. To add more policies, click Add Another.

Step 9

Optionally, add a comment in the Comments text box.

Step 10

Click Save.

What to do next

Deploy the changes on the device. See, Deploy Configuration Changes.