You can replace a previously imported Snort or Suricata file and use it to scan events and create Intrusion Detection System alerts.
We strongly recommend testing custom rules in a test environment before importing them. Custom IDS rules may cause performance problems, in which case the stability of Kaspersky Anti Targeted Attack Platform is not guaranteed.
IDs and attributes of custom rules may be modified when they are uploaded. Reject and Drop actions are changed to Alert. Rules with the Pass action are deleted.
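A local pre-import check, added here as an example and not part of Kaspersky Anti Targeted Attack Platform: it previews which rules in a Snort or Suricata file would have Reject or Drop changed to Alert and which Pass rules would be deleted. The function names and sample rules are constructed, and the ID and attribute changes are not modeled because the page does not specify them.

```python
import re

# Per the page: Reject and Drop become Alert on upload; Pass rules are deleted.
REWRITTEN = {"drop", "reject"}
DELETED = {"pass"}
RULE_RE = re.compile(r"^\s*([A-Za-z]+)\s+(.*)$", re.S)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules (not taken from any real rule set).
SAMPLE = r'''
# constructed sample rules
alert tcp any any -> $HOME_NET 80 (msg:"test http"; sid:1000001; rev:1;)
drop tcp any any -> $HOME_NET 23 (msg:"test telnet"; sid:1000002; rev:1;)
reject udp any any -> $HOME_NET 69 (msg:"test tftp"; \
    sid:1000003; rev:1;)
pass icmp any any -> any any (msg:"test icmp"; sid:1000004; rev:1;)
'''

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and comments."""
    buf = ""
    for raw in text.splitlines() + [""]:
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf = (buf + line).strip()
        if buf and not buf.startswith("#"):
            yield buf
        buf = ""

def preview_import(text):
    """Return (rules as they would remain, report of affected rules)."""
    kept, report = [], []
    for rule in logical_lines(text):
        m = RULE_RE.match(rule)
        if not m:
            continue
        action, rest = m.group(1).lower(), m.group(2)
        sid = SID_RE.search(rule)
        sid = sid.group(1) if sid else "?"
        if action in DELETED:
            report.append((sid, action, "deleted"))
        elif action in REWRITTEN:
            kept.append("alert " + rest)
            report.append((sid, action, "changed to alert"))
        else:
            kept.append(rule)  # any other action is left as written
    return kept, report

if __name__ == "__main__":
    for sid, action, effect in preview_import(SAMPLE)[1]:
        print(f"sid {sid}: {action} -> {effect}")
```

Review the report before uploading: a rule set that relied on Drop or Reject for blocking, or on Pass for suppression, behaves differently once imported.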
To replace a user-defined IDS rule:
This opens the file selection window on your local computer.
The user-defined IDS rule is imported into the application, replacing the previously imported rule.
Users with the Security auditor role cannot replace user-defined IDS rules.
Users with the Security officer role cannot gain access to user-defined IDS rules.