Network Instruments GigaStor 114ff User Manual
Page 97

Starting Forensic Analysis using Snort rules
Chapter 6 Forensic Analysis using Snort
rev. 1
Figure 69 Rules tab
9 Select the boxes next to the rules you want to enable. The right-click menu has options to enable/disable all rules, and to show the actual Snort rule that was imported. It also lets you jump to web-based threat references such as bugtraq for further information about the alert.
Rule classifications offer another level of control. Check the “Rules must also match rule classifications” box to display a list of defined rule classifications. Classifications are defined at import time by parsing the Snort config classification statements encountered in the rule set. Rules are assigned a classification in the rule statement’s classtype option.

Select the rule classification(s) you want to enable. If classification matching is enabled, a rule and its classification must both be enabled for that rule to be processed. For example, suppose you want to enable all policy violation rules: simply right-click on the rule list, choose Enable all rules, and then enable the policy violation classification.
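The import and matching behaviour described above, as an added Python example that is not part of the GigaStor manual or Network Instruments' software: it parses Snort "config classification:" statements and each rule's classtype option the way the text says the importer does, then applies the rule "a rule and its classification must both be enabled", finishing with the manual's policy-violation scenario. The configuration lines and rules are constructed samples, and the handling of a rule that carries no classtype (dropped when classification matching is on) is this example's own assumption, not something the manual states.

```python
import re

# Constructed sample Snort classification statements and rules (not GigaStor data).
CLASSIFICATION_CONFIG = """
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: attempted-recon,Attempted Information Leak,2
config classification: misc-activity,Misc activity,3
"""

RULES = """
alert tcp any any -> any 80 (msg:"POLICY example instant messenger login"; classtype:policy-violation; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"SCAN example probe"; classtype:attempted-recon; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"MISC example DNS activity"; classtype:misc-activity; sid:1000003; rev:1;)
alert tcp any any -> any 22 (msg:"POLICY example remote shell"; classtype:policy-violation; sid:1000004; rev:1;)
"""

CLASS_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),([^,]*),(\d+)\s*$")
CLASSTYPE_RE = re.compile(r"classtype:\s*([^;]+);")
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
MSG_RE = re.compile(r'msg:\s*"([^"]*)"\s*;')


def parse_classifications(config_text):
    """Parse 'config classification: name,description,priority' statements into a dict."""
    classes = {}
    for line in config_text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            name, desc, prio = m.groups()
            classes[name.strip()] = {"description": desc.strip(), "priority": int(prio)}
    return classes


def parse_rules(rules_text):
    """Extract sid, msg and classtype from each rule line; blank lines and comments are skipped."""
    rules = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sid = SID_RE.search(line)
        if not sid:
            continue  # no sid: not a usable rule
        msg = MSG_RE.search(line)
        ctype = CLASSTYPE_RE.search(line)
        rules.append({
            "sid": int(sid.group(1)),
            "msg": msg.group(1) if msg else "",
            "classtype": ctype.group(1).strip() if ctype else None,
        })
    return rules


def active_rules(rules, enabled_sids, enabled_classes, match_classifications):
    """Return the SIDs that will actually be processed.

    With classification matching on, a rule is processed only when the rule
    itself AND its classification are both enabled. A rule with no classtype
    has nothing to match against and is dropped in that mode (assumption of
    this example, not stated by the manual).
    """
    result = []
    for r in rules:
        if r["sid"] not in enabled_sids:
            continue
        if match_classifications:
            if r["classtype"] is None or r["classtype"] not in enabled_classes:
                continue
        result.append(r["sid"])
    return result


def policy_violation_example():
    """The manual's scenario: enable all rules, then enable only the policy-violation class."""
    classes = parse_classifications(CLASSIFICATION_CONFIG)
    rules = parse_rules(RULES)
    all_sids = {r["sid"] for r in rules}                  # "Enable all rules"
    enabled_classes = {"policy-violation"} & set(classes)  # enable one known classification
    return active_rules(rules, all_sids, enabled_classes, match_classifications=True)


if __name__ == "__main__":
    classes = parse_classifications(CLASSIFICATION_CONFIG)
    for name, info in classes.items():
        print(f"{name}: {info['description']} (priority {info['priority']})")
    print("processed with policy-violation only:", policy_violation_example())
```

Running the module prints the three imported classifications and then the SIDs of the two policy-violation rules; with match_classifications set to False, active_rules returns every enabled SID regardless of classification, which is the behaviour when the “Rules must also match rule classifications” box is left unchecked.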