Import Detection Rules

Now let's add some rules!

There are two ways to add IDS rules to IDSTower. The easiest way is to enable one of the pre-integrated rules feeds, which ensures that these rules are updated automatically.

  • To enable one of the rules feeds, click the Settings->Feeds tab, then enable one of the rules feeds. For example, here we enabled the Emerging Threats Open Ruleset feed and clicked “Update” to trigger the feed download now.

../_images/enable_et_feed.gif


  • In a couple of minutes the feeds will be downloaded and the rules will be imported into IDSTower. Within minutes as well, Suricata hosts will download and apply those IDS rules. You can view the downloaded rules by clicking Rules in the left menu.

../_images/view_downloaded_Suricata_IDS_rules.gif

  • To learn how to enable a custom rules/IOCs feed, please read the custom feeds guide.

  • You can also manually import rules files via Rules -> Add/Import Rules -> Bulk Import Rules From File.

../_images/bulk_import_Suricata_IDS_rules.gif

  • Next, we will import IOCs to IDSTower.
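
For the manual bulk import described above, a rules file can be sanity-checked before it is uploaded. The following is an added example, not IDSTower code: it flags malformed lines, rules without a sid, and duplicate sids among enabled rules. The sample rules and the check_rules helper are constructed for illustration, and how IDSTower itself handles such entries on import is not stated on this page.

```python
import re
from collections import Counter

# Constructed sample rules file (not taken from any real feed).
SAMPLE_RULES = '''\
# constructed sample for this example
alert http any any -> any any (msg:"Example rule A"; content:"test"; sid:1000001; rev:1;)
alert dns any any -> any any (msg:"Example rule B"; dns.query; content:"example.invalid"; sid:1000002; rev:1;)
#alert tcp any any -> any any (msg:"Disabled rule"; sid:1000003; rev:2;)
alert tcp any any -> any any (msg:"Duplicate sid"; sid:1000001; rev:3;)
alert tcp any any -> any any (msg:"Missing sid"; rev:1;)
this line is not a rule
'''

# action, header with a direction operator, then "(options)";
# a leading "#" directly before the action marks a disabled rule.
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?:alert|pass|drop|reject|rejectsrc|rejectdst|rejectboth)\s+'
    r'[^()]+?\s(?:->|<>)\s[^()]+\((?P<opts>.*)\)\s*$')
SID_RE = re.compile(r'(?:^|;)\s*sid\s*:\s*(\d+)\s*;')

def check_rules(text):
    """Return counts and problem line numbers for a Suricata rules file."""
    report = {"enabled": 0, "disabled": 0, "malformed": [], "missing_sid": []}
    sids = Counter()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            if not line.startswith("#"):   # plain comments are fine
                report["malformed"].append(lineno)
            continue
        disabled = bool(m.group("off"))
        report["disabled" if disabled else "enabled"] += 1
        sid = SID_RE.search(m.group("opts"))
        if not sid:
            report["missing_sid"].append(lineno)
        elif not disabled:                 # only active rules can collide
            sids[int(sid.group(1))] += 1
    report["duplicate_sids"] = sorted(s for s, n in sids.items() if n > 1)
    return report

if __name__ == "__main__":
    for key, value in check_rules(SAMPLE_RULES).items():
        print(f"{key}: {value}")
```

Line numbers in the report refer to the rules file, so flagged entries can be fixed or removed before using Bulk Import Rules From File.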