The Network IPS appliance imports and manages SNORT rules from a rules file that uses customized settings and programmed behavior.
Customizing attributes to imported rules
When you import SNORT rules from a rules file, the appliance groups those rules by file name. You can customize these attributes of the imported rules:
The Network IPS appliance stores these customized attributes so that it can reapply them all (except the rule string) after you import an updated file.
Reimporting updated or changed rules files
The appliance stores customized attributes because, in certain situations, it is necessary to reimport rules files that contain updates and changes. The appliance processes rules in reimported files in the following ways:
- If a rule is new to the updated file, the appliance adds the rule to the group.
- If a rule is deleted from the updated file, the appliance deletes that rule from the group. You must add the rule by using the Add icon if you still need the rule.
- If a rule continues to exist in the updated file, the appliance applies the customized attributes to the updated version of the rule.
Note: The current integrated system processes rules with duplicate SIDs and revision numbers by inspecting traffic with the rule that was last entered. The system ignores the previous rule.
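
The reimport behavior and the duplicate-SID note above can be previewed before an updated file is imported. The following script is an added example, not appliance or vendor code; it assumes rules are matched across imports by SID, and the rule text, the `enabled` attribute name and the function names are constructed for illustration.

```python
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

def parse_rules(text):
    """Return ({sid: (rev, rule_string)}, [(sid, rev) pairs entered more than once])."""
    rules, shadowed = {}, []
    for line in text.splitlines():
        line = line.strip()
        sid_m = SID_RE.search(line)
        if not line or line.startswith("#") or not sid_m:
            continue  # blank, comment, or no SID to track the rule by
        sid = int(sid_m.group(1))
        rev_m = REV_RE.search(line)
        rev = int(rev_m.group(1)) if rev_m else 0  # assumption: missing rev treated as 0
        if sid in rules and rules[sid][0] == rev:
            shadowed.append((sid, rev))  # the earlier entry will be ignored
        rules[sid] = (rev, line)  # the rule entered last is the one kept
    return rules, shadowed

def plan_reimport(old_text, new_text, custom):
    """custom maps sid -> stored customized attributes (attribute names are hypothetical)."""
    old, _ = parse_rules(old_text)
    new, shadowed = parse_rules(new_text)
    deleted = old.keys() - new.keys()
    return {
        "added": sorted(new.keys() - old.keys()),
        "deleted": sorted(deleted),
        "reapplied": sorted(s for s in old.keys() & new.keys() if s in custom),
        "customized_but_deleted": sorted(s for s in deleted if s in custom),
        "shadowed": shadowed,
    }

# Constructed sample rules files and customizations, for illustration only.
OLD = '''
alert tcp any any -> any 80 (msg:"constructed A"; sid:1000001; rev:1;)
alert tcp any any -> any 443 (msg:"constructed B"; sid:1000002; rev:1;)
'''
NEW = '''
alert tcp any any -> any 80 (msg:"constructed A v2"; sid:1000001; rev:2;)
alert udp any any -> any 53 (msg:"constructed C first"; sid:1000003; rev:1;)
alert udp any any -> any 53 (msg:"constructed C second"; sid:1000003; rev:1;)
'''
CUSTOM = {1000001: {"enabled": False}, 1000002: {"enabled": False}}

if __name__ == "__main__":
    for key, value in plan_reimport(OLD, NEW, CUSTOM).items():
        print(f"{key}: {value}")
```

Rules reported under `customized_but_deleted` are the ones to review before importing, since a rule dropped from the updated file must be re-added by hand if it is still needed.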