You can import a Snort® or Suricata file and use it to scan events and create Intrusion Detection System alerts.
It is highly recommended to test custom IDS rules in a test environment before you import them. Custom IDS rules may cause performance issues, in which case stable performance of Kaspersky Anti Targeted Attack Platform is not guaranteed.
For example, loading user-defined rules can cause the following errors:
IDs and attributes of custom rules may be modified when uploaded. Reject and Drop actions will be changed to Alert. Rules with the Pass action will be deleted.
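A pre-import check for a rule file, added here as an example (it is not Kaspersky's code): it previews the action changes described above so you can see which rules will be rewritten to Alert and which will be deleted. The function names and sample rules are constructed for illustration; actions the page does not mention are flagged for manual review, and the ID and attribute changes are not predicted.

```python
import re

RULE_RE = re.compile(r"^(\w+)\s+\S.*\(.*\)$", re.S)  # assumed shape: <action> <header> (<options>)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and # comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = (buf + line).strip(), ""
        if line and not line.startswith("#"):
            yield line

def preview_import(text):
    """Return (kept_rules, report); report rows are (outcome, sid, action)."""
    kept, report = [], []
    for rule in logical_lines(text):
        m = RULE_RE.match(rule)
        if not m:
            report.append(("unparsed", None, rule))
            continue
        action = m.group(1).lower()
        sid = int(s.group(1)) if (s := SID_RE.search(rule)) else None
        if action == "pass":                      # documented: deleted
            report.append(("deleted", sid, action))
        elif action in ("drop", "reject"):        # documented: becomes alert
            kept.append("alert" + rule[len(action):])
            report.append(("changed_to_alert", sid, action))
        else:  # alert stays as is; any other action is not covered by the page
            outcome = "unchanged" if action == "alert" else "review"
            kept.append(rule)
            report.append((outcome, sid, action))
    return kept, report

# Constructed sample rules (not from the product or any real rule set).
SAMPLE = r'''
# local test rules
alert tcp any any -> $HOME_NET 80 (msg:"test alert"; sid:1000001; rev:1;)
drop tcp any any -> $HOME_NET 23 (msg:"test drop"; \
    sid:1000002; rev:1;)
reject udp any any -> $HOME_NET 161 (msg:"test reject"; sid:1000003; rev:1;)
pass icmp any any -> any any (msg:"test pass"; sid:1000004; rev:1;)
'''

if __name__ == "__main__":
    print(*preview_import(SAMPLE)[1], sep="\n")
```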
To import a custom IDS rule:
This opens the file selection window on your local computer.
The user-defined IDS rule is imported into the program.