The Network
IPS appliance
imports and manages SNORT rules from a rules file according to customized
settings and programmed behavior.
Customizing attributes to imported rules
When
you import SNORT rules from a rules file, the appliance groups those
rules by file name. You can customize these attributes of the imported
rules:
The
Network
IPS appliance
stores these customized attributes so that it can reapply them all
(except the rule string) after you import an updated file.
Reimporting updated or changed rules files
The
appliance stores customized attributes because, in certain situations,
it is necessary to reimport rules files that contain updates and changes.
The appliance processes rules in reimported files in the following
ways:
- If a rule is new to the updated file, the appliance adds the rule
to the group.
- If a rule is deleted from the updated file, the appliance deletes
that rule from the group. You must add the rule using the Add icon
if you still need the rule.
- If a rule continues to exist in the updated file, the appliance
applies the customized attributes to the updated version of the rule.
Note: The current integrated system processes rules with duplicate
SIDs and revision numbers by inspecting traffic with the rule that
was last entered. The system ignores the previous rule.