Cant enable some rulesets in Snort IDS/IPS
Mr_JinX last edited by
I've noticed I cant enable some rules in the 2nd and 3rd column, does anyone know why? they seem to be grayed out and when i go to select them i just get a red cross symbol.
Both are the latest,
u3c307 last edited by
Are you using IPS policy? If you are then depends on what you set to it's pre-defined so you won't be able to check the others per policy. Uncheck use IPS policy and it should allow you to check whatever you want.
virgiliomi last edited by
If you're using one of the pre-defined IPS Policy settings (Connectivity, Balanced or Security), then the Snort rules are automatically selected. If you also add OpenAppID and ET rules, then you can select those rules, as they are not part of the pre-defined Snort IPS policies.
Here's a post from the Snort blog about how rules are put into each of the pre-defined policies. CVSS score, time, and certain policy groups play a factor in those pre-defined policies.