Intrusion Rules Page Columns

The Intrusion Rules page uses the same icons in its menu bar and column headers. For example, the Rule State menu uses the same Generate Events icon as the Rule State column in the rule listing.

Rules Page Columns

Heading

Description

GID

Integer that indicates the Generator ID (GID) for the rule.

SID

Integer that indicates the Snort ID (SID), which acts as a unique identifier for the rule.

For custom rules, the SID is 1000000 or higher.

Message

Message included in events generated by this rule, which also acts as the name of the rule.

Generate Events

The rule state for the rule:

  • Drop and Generate Events

  • Generate Events

  • Disabled

Note that the icon for a disabled rule is a dimmed version of the icon for a rule that is set to generate events without dropping traffic. Clicking the rule state icon for a rule allows you to change the rule state.

Cisco Recommended rule state

Cisco recommended rule state for the rule.

Event Filter

Event filter, including event thresholds and event suppression, applied to the rule.

Dynamic state

Dynamic rule state for the rule, which goes into effect if specified rate anomalies occur.

Errors (error icon)

Alerts configured for the rule (currently SNMP alerts only).

Comment (comment icon)

Comments added to the rule.

You can also use the layer drop-down list to switch to the Rules page for other layers in your policy. Unless you add layers to your policy, the only editable views listed in the drop-down list are the policy Rules page and the Rules page for a policy layer that is originally named My Changes. Making changes in one of these views is the same as making the changes in the other. The drop-down list also lists the Rules page for the read-only base policy.
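The GID, SID and Message columns described above correspond to the gid, sid and msg options in a rule's text. The following added example (not part of the original page or of any Cisco tooling) derives those three values from rule text and flags custom rules using the 1000000 SID boundary given above. The sample rules, the function names and the gid default of 1 (Snort's behavior when the option is absent) are assumptions of the example.

```python
import re

CUSTOM_SID_MIN = 1000000  # from the page: custom rules use SID 1000000 or higher

# Constructed sample rules for illustration; not taken from any real rule set.
SAMPLE_RULES = [
    r'alert tcp any any -> any 80 (msg:"EXAMPLE admin path\; probe"; content:"/admin"; sid:1000001; rev:1;)',
    r'alert tcp any any -> any 21 (msg:"EXAMPLE ftp banner"; content:"220"; gid:3; sid:2345; rev:3;)',
]


def split_options(body):
    """Split a rule option body on ';', ignoring quoted or backslash-escaped ones."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    if in_quote or escaped:
        raise ValueError("unterminated quote or escape in rule options")
    opts.append("".join(cur).strip())
    return [o for o in opts if o]


def rule_columns(rule):
    """Return the GID, SID and Message values a rule would show, plus a custom flag."""
    m = re.match(r"[^(]*\((.*)\)\s*$", rule.strip(), re.S)
    if not m:
        raise ValueError("rule has no option body")
    opts = {}
    for opt in split_options(m.group(1)):
        key, _, val = opt.partition(":")
        opts.setdefault(key.strip(), val.strip())
    if "sid" not in opts:
        raise ValueError("rule has no sid option")
    msg = opts.get("msg", "")
    if len(msg) >= 2 and msg[0] == msg[-1] == '"':
        msg = msg[1:-1]
    return {
        "GID": int(opts.get("gid", "1")),  # Snort default when gid is absent (not stated on the page)
        "SID": int(opts["sid"]),
        "Message": re.sub(r"\\(.)", r"\1", msg),
        "custom": int(opts["sid"]) >= CUSTOM_SID_MIN,
    }
```
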