Depending on where your IDS sits in the network (LAN, WAN, web servers, or gateways), some rules may be relevant or out of scope.
You can enable rules by category or by rule group
- On the left menu, choose
IDS > Rules
This section lets you view the full set of available detection rules.
Some rules are disabled, others are active — but enabling everything rarely makes sense.
For example, why detect traffic targeting file servers if your IDS only inspects web servers?
You should tailor which rules are loaded to match the environment you’re monitoring.
There are two ways to group rules:
- Categories — more technical; specify the detection rule type.
- Category groups — less technical; bundle rules by use case or context.
- If you use category groups, a window appears showing only the rules that match the selected context.
You can enable all rules in the group or disable them.
When you finish enabling your rules, click Apply changes to deploy your selections to production.
After a few seconds, the number of production rules should update in the header.
