Adding Comments to Intrusion Rules

You can add comments to any intrusion rule. Comments let you record context and additional information about the rule and the exploit or policy violation it identifies.

Procedure


Step 1

Access the intrusion rules using either of the following methods:

  • Choose Policies > Access Control > Intrusion.

    Click Snort 2 Version next to the policy you want to edit and click Rules.

  • Choose Objects > Intrusion Rules.

Step 2

Locate the rule you want to annotate. You have the following choices:

Step 3

Click Edit (edit icon) next to the rule or, in the case of search results, click the rule message.

If View (View button) appears next to a rule instead, the rule belongs to an ancestor policy, or you do not have permission to modify the rule.

Step 4

Click Rule Comment.

Step 5

Enter your comment in the text box.

Step 6

Click Add Comment.

Tip

You can also add and view rule comments in an intrusion event’s packet view.