Cisco Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 32: Understanding and Writing Intrusion Rules
Constructing a Rule
The Rule Editor page appears.
Step 2
Locate the rule you want to annotate. You have the following options:
  • To locate a rule by browsing rule categories, navigate through the folders to the rule you want and click the edit icon next to the rule.
  • To locate a rule by searching for it, enter the search criteria (most simply, the SID) for the rule you want and click Search. Click the rule returned by the search as appropriate. See  for more information.
  • To locate a rule by filtering the rules displayed on the page, enter a rule filter in the text box, which is indicated by the filter icon, at the upper left of the rule list. Navigate to the rule you want and click the edit icon next to the rule. See  for more information.
The rule editor appears.
Step 3
Click Rule Comment.
The Rule Comment page appears.
Step 4
Enter your comment in the text box and click Add Comment.
The comment is saved in the comment text box.
Tip
You can also add and view rule comments in an intrusion event’s packet view. For more information, see 

Deleting Custom Rules
License: Protection
You can delete custom rules that are not currently enabled in an intrusion policy. You cannot delete either standard text rules or shared object rules provided by Cisco.
The system stores deleted rules in the deleted category, and you can use a deleted rule as the basis for a new rule. See  for information on editing rules.
The Rules page in an intrusion policy does not display the deleted category, so you cannot enable deleted custom rules.
Note that you can also delete all local rules on the Rule Updates page. See, for example, .
See the following sections for more information:
  • For information on creating custom rules, see 
  • For information on importing local rules, see 
  • For information on setting rule states, see 
To delete custom rules:
Access: Admin/Intrusion Admin