Add Custom Rules to Rule Groups

Uploading custom rules in the management center adds the custom rules that you have created locally to the list of all the Snort 3 rules.

Procedure

Step 1

Choose Objects > Intrusion Rules.

Step 2

Click Snort 3 All Rules tab.

Step 3

Click the Tasks drop-down list.

Step 4

Click Upload Snort 3 Rules.

Step 5

Drag and drop the .txt or .rules file that contains the Snort 3 custom rules that you have created.

Step 6

Click OK.

Note
If there are any errors in the selected file, then you cannot proceed further. You can download the error file and Replace File link to upload version 2 of the file, after fixing the errors.

Step 7

Associate rules to a rule group to add the new rules to that group.

You can also create a new custom rule group (by clicking the Create New Custom Rule Group link) and then add the rules to the new group.

Note
If there are no existing local rule groups, then proceed by clicking Create New Custom Rule Group to proceed. Enter a Name for the new rule group and click Save.

Step 8

Choose either of the following:

  • Merge Rules to merge the new rules that you are adding with the existing rules in the rule group.

  • Replace all rules in the group with file contents to replace all the exiting rules with the new rules that you are adding.

Note

If you chose more than one rule group in the previous step, then only the Merge Rules option is available.

Step 9

Click Next.

Review the summary to know the new rule IDs that are being added and optionally download it.

Step 10

Click Finish.

Important

The rule action of all the uploaded rules is in the disabled state. You have to change them to the required state to ensure the rules are active.

What to do next