Setting a Rule Filter in an Intrusion Policy
You can filter the rules on the Rules page to display a subset of rules. You can then use any of the page features, including choosing any of the features available in the context menu. This can be useful, for example, when you want to set a threshold for all the rules in a specific category. You can use the same features with rules in a filtered or unfiltered list. For example, you can apply new rule states to rules in a filtered or unfiltered list.
All filter keywords, keyword arguments, and character strings are case-insensitive. If you click an argument for a keyword already in the filter, it replaces the existing argument.
Procedure
Step 1 | Choose . |
Step 2 | Click Snort 2 Version next to the policy you want to edit. If View () appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration. |
Step 3 | Construct a filter using any of the following methods, separately or in combination:
|