Filtering Rules

On the Intrusion Rules page, you can filter rules into subsets so you can more easily find specific rules. You can then use any of the page features, including choosing any of the features available in the context menu.

Rule filtering can be particularly useful to locate a specific rule to edit.

Procedure

Step 1

Access the intrusion rules using either of the following methods:

  • Choose Policies > Access Control > Intrusion.

    Click Snort 2 Version next to the policy you want to edit and click Rules.

  • Choose Objects > Intrusion Rules.

Step 2

Prior to filtering, you have the following choices:

  • Expand any rule group you want to expand. Some rule groups also have sub-groups that you can expand.

    Expanding a group on the original, unfiltered page can be useful when you expect that a rule might be in that group. The group remains expanded when the subsequent filter results in a match in that folder, and when you return to the original, unfiltered page by clicking filter Clear (clear icon).

  • Choose a different grouping method from the Group Rules By drop-down list.

Step 3

Enter filter constraints in the text box next to Filter (filter icon) under the Group Rules By list.

Step 4

Press Enter.

Note

Clear the current filtered list by clicking filter Clear (clear icon).