Loading and replacing custom sets of Intrusion Detection rules

You can load sets of Intrusion Detection rules from files into the application. Files containing descriptions of Intrusion Detection rules must be in the same folder and have the RULES extension. The names of the files must not contain the following characters: \ / : * ? , " < > |.

After loading Intrusion Detection rules from a file, the rules are saved in the application as a custom set of rules. The name of the set of rules will match the name of the file without the RULES extension.

When sets of rules are loaded from files, the current custom sets of rules are deleted from the table and replaced with the new ones. However, system sets of rules (whose Origin column shows the System value) are not deleted from the table.

Only users with the Administrator role can load custom sets of Intrusion Detection rules.

To load and replace custom sets of Intrusion Detection rules:

  1. Make sure that you have the permissions to read files in the folder containing the Intrusion Detection rule files that you want to use.
  2. Start the Application Console and provide the account credentials of a user with the Administrator role.
  3. Select the Intrusion detection tab in the Application Console window.
  4. In the toolbar, open the Custom rules menu and select Replace custom rules.

    The Folder containing files with Intrusion Detection rules window opens.

  5. Specify the directory with Intrusion Detection rule files.
  6. Click the Select button.

    The table containing sets of rules displays the new custom sets of rules. For these sets of rules, the Origin column will show the User value. All sets of rules will be in the active state.

  7. Check for errors in the loaded sets of rules. Information about detected errors is displayed in the Errors column. If the set of rules contains errors, you can view detailed information about them by clicking the Details link.
  8. If you do not want to use some of the sets of rules for Intrusion Detection, change their state.
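
Because Replace custom rules deletes the current custom sets, it helps to check the folder against the naming requirements above before selecting it. The following script is an added example, not part of the application or its documentation. It assumes that the RULES extension is matched case-insensitively and that only files directly in the folder are loaded; the function names are hypothetical.

```python
import os
import sys

FORBIDDEN = set('\\/:*?,"<>|')  # characters the page disallows in file names
EXT = ".rules"                   # assumption: extension is matched case-insensitively


def classify(names):
    """Split file names into loadable sets, rejected names, ignored files, collisions."""
    report = {"sets": {}, "bad_chars": {}, "ignored": [], "collisions": []}
    for name in sorted(names):
        stem, ext = os.path.splitext(name)
        if ext.lower() != EXT or not stem:
            report["ignored"].append(name)  # not a rule file
        elif FORBIDDEN.intersection(name):
            report["bad_chars"][name] = sorted(FORBIDDEN.intersection(name))
        elif stem in report["sets"]:
            # Two files reduce to the same set name (file name minus extension).
            report["collisions"].append((report["sets"][stem], name))
        else:
            report["sets"][stem] = name
    return report


def preflight(folder):
    """Check only the files directly in `folder` (assumption: no subfolders)."""
    with os.scandir(folder) as entries:
        return classify(e.name for e in entries if e.is_file())


def is_clean(report):
    """True when at least one set would load and no name is rejected or duplicated."""
    return bool(report["sets"]) and not report["bad_chars"] and not report["collisions"]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: preflight.py FOLDER")
    rep = preflight(sys.argv[1])
    for set_name, fname in rep["sets"].items():
        print(f"set '{set_name}' <- {fname}")
    for key in ("bad_chars", "collisions", "ignored"):
        if rep[key]:
            print(f"{key}: {rep[key]}")
    sys.exit(0 if is_clean(rep) else 1)
```

The set names it prints can be compared with the custom sets currently listed in the table, since any set that has no file in the folder will no longer exist after the replacement.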