Deleting Custom Rules

You can delete custom rules if the rules are not currently enabled in an intrusion policy. You cannot delete either standard text rules or shared object rules provided by the system.

The system stores deleted rules in the deleted category, and you can use a deleted rule as the basis for a new rule. The Rules page in an intrusion policy does not display the deleted category, so you cannot enable deleted custom rules.

Tip

Custom rules include shared object rules that you save with modified header information. The system also saves these in the local rule category and lists them with a GID of 1 (Global domain or legacy GID) or 1000-2000 (descendant domains). You can delete your modified version of a shared object rule, but you cannot delete the original shared object rule.

Procedure


Step 1

Access the intrusion rules using either of the following methods:

  • Choose Policies > Access Control > Intrusion.

    Click Snort 2 Version next to the policy you want to edit and click Rules.

  • Choose Objects > Intrusion Rules.

Step 2

You have two choices:

  • Delete all local rules — Click Delete Local Rules, then click OK.
  • Delete a single rule — Choose Local Rules from the Group Rules By drop-down, click Delete (delete icon) next to the rule you want to delete, and click OK to confirm the deletion.