To access the IDS Rules page:
- Log in to LogRhythm NDR's new UI.
- Click Settings from the sidebar menu and then click Policy Management.
- Click the IDS Rules tab.
The IDS Rules page appears where a table lists the IDS rules with information about the Site, Node, Ethernet, and File Name.
The user is provided with options to filter and sort entries in the table.
- To view the details pertaining to each IDS rule, click the View icon.
The View IDS Rule File window appears.
- To perform the following actions, click the three-dot menu icon corresponding to the rule:
- Delete IDS Rule
- Enable/Disable IDS Rule
- Validate IDS Rule
- To add a new rule, click Add Rules at the top-right of the page.
The Add IDS Rule dialog box window appears.
- Enter the relevant details in the Site, Node, and Ethernet fields.
- Click Browse to upload the corresponding file.
Only files with the .rules extension can be uploaded. If the user uploads other file formats, an error message is displayed.
- Click Upload.
- Click Deploy to select an interface from the drop-down and the rules listed are deployed to that particular Ethernet environment.
When the selection is made, it deploys the enabled files.
The "IDS rules deploy was success" message is displayed.
- Click Interface Configuration.
The IDS Interface Configuration window appears with a list of IDS interface mapping details.
- To add a new mapping, click Add Mapping.
The New IDS Interface Mapping window appears.
- Enter the relevant details in the available fields.
- Click Add.
The new mapping is added to the list.
To export the mapping, click the Export icon.
- To search for an existing mapping, click the Search field.
Click the column headers in the table to sort the table entries in the ascending or descending order.