IDS rule variable tab

Use the IDS rule variables tab to view and modify IDS rules that are used by the VMware NSX Network Detection and Response installation. These rules have varying scope depending on how they are defined.

Filter the displayed list:

  • Select a License, either a specific license or All licenses, from the pull-down menu.

  • Select a Sensor, either a specific sensor/sensor group or All sensors from the pull-down menu.

If you select All licenses, the Customer scope IDS rule list is displayed. If you select a specific license, the License scope IDS rule list is added. If you select a specific sensor/sensor group, the Sensor scope IDS rule list is added.

A rule list includes the following fields:

Name

The name of the IDS rule.

Type

The type of the IDS rule.

Value

The value of the IDS rule.

Actions

Click delete to delete the IDS rule.

Click edit to edit the IDS rule inline.

Under Add new address group variable provide the following:

  • Enter a Variable name. This is a text string.

  • Set the Input raw value toggle to No (the default) or Yes.

  • Enter a Value for the IDS rule. If Input raw value is No, provide an IP address. Otherwise, provide a raw Suricata value.

When you have completed all the fields, click Create rule.

Edit an IDS rule

This populates the entry fields with the values from the selected host label entry. You can only change the Input raw value toggle and the Value. Make your changes then click Update rule.