Configuring Intrusion Rules in Layers

In an intrusion policy, you can set the rule state, event filtering, dynamic state, alerting, and rule comments for a rule in any user-configurable layer. After accessing the layer where you want to make your changes, you add settings on the Rules page for the layer the same as you would on the intrusion policy Rules page.

Procedure

Step 1

While editing your Snort 2 intrusion policy, expand Policy Layers in the navigation panel.

Step 2

Expand the policy layer you want to modify.

Step 3

Click Rules immediately beneath the policy layer you want to modify.

Step 4

Modify any of the settings described in Tuning Intrusion Policies Using Rules.

Tip

To delete an individual setting from an editable layer, double-click the rule message on the Rules page for the layer to display rule details. Click Delete next to the setting you want to delete, then click OK twice.

Step 5

To save changes you made in this policy since the last policy commit, click Policy Information, then click Commit Changes.

If you leave the policy without committing changes, changes since the last commit are discarded if you edit a different policy.

What to do next

  • Deploy configuration changes.