Replacing a user-defined IDS rule

You can replace a previously imported Snort or Suricata file and use it to scan events and create Intrusion Detection System alerts.

It is highly recommended to test custom IDS rules in a test environment before you import them. Custom IDS rules may cause performance issues, in which case stable performance of Kaspersky Anti Targeted Attack Platform is not guaranteed.

IDs and attributes of custom rules may be modified when uploaded. Reject and Drop actions will be changed to Alert. Rules with the Pass action will be deleted.
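A pre-import check for the action changes described above, as an added example that is not part of the product or its documentation: it reads a Snort or Suricata rules file and reports, per rule, whether the action would be changed to Alert or the rule deleted on upload. The function names and sample rules are constructed for illustration; treating Alert as kept and matching action names exactly are assumptions.

```python
import re

# Outcomes per action as stated on this page; "alert" being kept is an assumption.
OUTCOME = {"alert": "action kept", "drop": "changed to alert",
           "reject": "changed to alert", "pass": "deleted"}
RULE_RE = re.compile(r"^(\w+)\s+[^(]+\((.*)\)\s*$")  # action, header, (options)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules file (not from the product or any real rule set).
SAMPLE = r'''
# constructed rules for illustration
alert tcp any any -> any 80 (msg:"constructed A"; sid:1000001; rev:1;)
drop tcp any any -> any 23 (msg:"constructed B"; sid:1000002; rev:1;)
reject udp any any -> any 53 (msg:"constructed C"; \
    sid:1000003; rev:1;)
pass ip 192.0.2.10 any -> any any (msg:"constructed D"; sid:1000004; rev:1;)
'''


def logical_lines(text):
    """Yield (first_line_number, rule_text), joining backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        start = n if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf.strip()  # file ended in the middle of a continuation


def preflight(text):
    """Return (line, sid, action, outcome) for each active rule in the file."""
    report = []
    for n, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue  # blank line, comment, or commented-out rule
        m = RULE_RE.match(line)
        if not m:
            report.append((n, None, None, "could not parse"))
            continue
        action = m.group(1).lower()
        sid = SID_RE.search(m.group(2))
        outcome = OUTCOME.get(action, "not covered by the page, check manually")
        report.append((n, int(sid.group(1)) if sid else None, action, outcome))
    return report
```

Running `preflight` on the file you intend to upload shows which rules will behave differently after the replacement, so the change can be reviewed in the test environment first.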

To replace a user-defined IDS rule:

  1. In the window of the program web interface, select the User rules section, IDS subsection.

    This opens the user-defined IDS rule window.

  2. Below the rule information, click Replace.

    This opens the file selection window on your local computer.

  3. Select the file that you want to upload and click Open.

The user-defined IDS rule is imported into the program, replacing the previously imported rule.

See also

Managing user-defined IDS rules

Importing a user-defined IDS rule

Viewing the information of a user-defined IDS rule

Enabling and disabling the use of an IDS rule when scanning events

Configuring the importance of alerts generated by the user-defined IDS rule

Downloading a user-defined IDS rule file to the computer

Deleting a user-defined IDS rule
