Building IDS Policies

To use the IDS builder, you have the following folders available:

IDSdb - includes an empty IDS profile database
Import - includes the IDS configuration builder utility (snortimp.exe)
Snort - includes Snort rules and definition files

How to build IDS profiles

1. Select IDS rules

In snort.conf (Snort builder), define which rules will be included in your profiles. You may edit the rules in the files as you wish, provided you do not change their format. A basic description of the Snort rule syntax and its support in CMDS/DSE can be found in the SNORT.txt file.

2. Run IDS builder

Go to the Import folder and run the IDS builder tool. The Configuration Editor must be installed on the computer for the IDS builder tool to run successfully. You must specify:

i. The location of snort.conf
ii. The location of the IDS profile database file: select the "db-main-ids.xml" file from the IDSdb folder. The db-def-ids.xml, db-des-ids.xml, db-res-ids.xml and db-rul-ids.xml files must be in the same directory as db-main-ids.xml.

NOTE! IDS builder does not clean up UNUSED rules. For now, we recommend cleaning up the .xml files with the clean.bat utility in the IDSdb directory before creating a new .cab profile.

Proceed with the import. Read snort.conf for a further understanding of the values used.

3. Output

Once the import is finished, the XML database in the IDSdb folder will be updated. This XML database will be used in the future for further GUI IDS editing. For now, however, use a side product of the import, the file "ids_cfg.dat", as the configuration file to load into the CMDS as an IDS profile and assign to a particular policy.
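A pre-flight check for the inputs named in steps 1 and 2, written as an added example (it is not part of the IDS builder or its documentation). It assumes snort.conf uses stock Snort "var NAME value" and "include $NAME/file" lines; the function names and the sample layout are constructed for illustration.

```python
import os
import re
import tempfile

# Files the page requires in one directory (the IDSdb folder).
REQUIRED_DB = ["db-main-ids.xml", "db-def-ids.xml", "db-des-ids.xml",
               "db-res-ids.xml", "db-rul-ids.xml"]

def missing_db_files(idsdb_dir):
    """Return the required database files absent from idsdb_dir."""
    return [f for f in REQUIRED_DB
            if not os.path.isfile(os.path.join(idsdb_dir, f))]

def included_rule_files(conf_path):
    """Return (path, exists) for each active include line in snort.conf."""
    variables, results = {}, []
    base = os.path.dirname(os.path.abspath(conf_path))
    with open(conf_path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            parts = raw.split("#", 1)[0].split()  # drop comments, tokenize
            if len(parts) == 3 and parts[0] == "var":
                variables[parts[1]] = parts[2]    # assumed: var NAME value
            elif len(parts) == 2 and parts[0] == "include":
                target = re.sub(r"\$(\w+)", lambda m: variables.get(
                    m.group(1), m.group(0)), parts[1])
                path = os.path.normpath(os.path.join(base, target))
                results.append((path, os.path.isfile(path)))
    return results

def demo():
    """Run both checks on a constructed sample layout in a temp directory."""
    root = tempfile.mkdtemp()
    for d in ("IDSdb", "Snort/rules"):
        os.makedirs(os.path.join(root, d))
    for f in REQUIRED_DB[:-1]:                    # db-rul-ids.xml left out
        open(os.path.join(root, "IDSdb", f), "w").close()
    open(os.path.join(root, "Snort", "rules", "web.rules"), "w").close()
    conf = os.path.join(root, "Snort", "snort.conf")
    with open(conf, "w") as fh:                   # constructed snort.conf
        fh.write("var RULE_PATH rules\n"
                 "include $RULE_PATH/web.rules\n"
                 "# include $RULE_PATH/disabled.rules\n"
                 "include $RULE_PATH/dns.rules\n")
    return missing_db_files(os.path.join(root, "IDSdb")), included_rule_files(conf)

if __name__ == "__main__":
    print(demo())
```

Running both checks before the import shows which rule files the profile will actually be built from, and catches a missing companion .xml file or a mistyped include path before the builder is started.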