Import Local Intrusion Rules
Use this procedure to import local intrusion rules. Imported intrusion rules appear in the local rule category in a disabled state.
Before you begin
-
Make sure your local rule file follows the guidelines described in Best Practices for Importing Local Intrusion Rules.
-
Make sure your process for importing local intrusion rules complies with your security policies.
-
Consider the import's effect on traffic flow and inspection due to bandwidth constraints and Snort restarts. We recommend scheduling rule updates during maintenance windows.
Procedure
Step 1 | Choose System ( You can also click Import Rules in the intrusion rules editor (). |
Step 2 | (Optional) Delete existing local rules. Click Delete All Local Rules, then confirm that you want to move all created and imported intrusion rules to the deleted folder. |
Step 3 | Under One-Time Rule Update/Rules Import, choose Rule update or text rule file to upload and install, then click Choose File and browse to your local rule file. |
Step 4 | Click Import. You can monitor import progress in the Message Center. Even if the Message Center shows no
progress for several minutes or indicates that the update has failed, do not
restart the import. Instead, contact Cisco TAC. |
)What to do next
-
Edit intrusion policies and enable the rules you imported.
-
Deploy configuration changes.