Network Instruments GigaStor 114ff User Manual
Page 97

Starting Forensic Analysis using Snort rules
Chapter 6 Forensic Analysis using Snort
rev. 1
Figure 69 Rules tab
9. Select the boxes next to the rules you want to enable. The
right-click menu has options to enable/disable all rules, and to
show the actual Snort rule that was imported. It also lets you jump
to web-based threat references such as Bugtraq for further
information about the alert.
Rule classifications offer another level of control. Check the 
“Rules must also match rule classifications” box to display a list of 
defined rule classifications. Classifications are defined at import 
time by parsing the Snort config classification statements 
encountered in the rule set. Rules are assigned a classification in 
the rule statement’s classtype option.
Select the rule classification(s) you want to enable. If classification 
matching is enabled, a rule and its classification must both be 
enabled for that rule to be processed. For example, suppose you 
want to enable all policy violation rules: simply right-click on the 
rule list, choose Enable all rules, and then enable the policy 
violation classification.
