How to provide stateful rules to AWS Network Firewall

When you create a stateful rule group from Suricata compatible rules, you can provide the rules to the rule group creation operation in one of the following ways:

  • Rule strings that are written in Suricata compatible syntax. When you use this option, Network Firewall passes your rule strings to Suricata for processing.

  • Domain list rule specification. With this option, Network Firewall translates your rule specification into Suricata compatible rules and then passes the resulting rule strings to Suricata for processing.

  • Standard, simple rule group specification. With this option, Network Firewall translates your specification into Suricata compatible rules and then passes the resulting rule strings to Suricata for processing.

The sections that follow provide details for each of these options.
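As an added illustration (not AWS code), the following Python sketch shows how a standard rule specification and a rule string can express the same rule, and checks that a rules source uses exactly one of the three forms. The dictionary shapes follow the CreateRuleGroup RulesSource structure; the helper names, the sample rule, and the rendering itself are assumptions, and the exact rule text that Network Firewall generates may differ.

```python
# Added illustration, not AWS code. Dict shapes follow the CreateRuleGroup
# RulesSource structure; the rendering is a sketch, and the exact rule text
# that Network Firewall generates may differ.
ACTIONS = {"PASS": "pass", "DROP": "drop", "REJECT": "reject", "ALERT": "alert"}
DIRECTIONS = {"FORWARD": "->", "ANY": "<>"}
FORMS = {"RulesString": "rule strings",
         "RulesSourceList": "domain list",
         "StatefulRules": "standard specification"}

def provided_form(rules_source):
    """Return which of the three input forms a RulesSource dict uses."""
    present = [key for key in FORMS if key in rules_source]
    if len(present) != 1:
        raise ValueError(f"expected exactly one rule form, found {present}")
    return FORMS[present[0]]

def _any(value):
    # The API writes an unrestricted address or port as "ANY"; Suricata as "any".
    return "any" if value.upper() == "ANY" else value

def render_stateful_rule(rule):
    """Render one StatefulRules entry as a Suricata compatible rule string."""
    h = rule["Header"]
    options = []
    for opt in rule.get("RuleOptions", []):
        settings = ",".join(opt.get("Settings") or [])  # joining with "," is an assumption
        options.append(f"{opt['Keyword']}:{settings};" if settings else f"{opt['Keyword']};")
    if not any(o.startswith("sid:") for o in options):
        raise ValueError("a Suricata rule needs a sid option")
    return (f"{ACTIONS[rule['Action']]} {h['Protocol'].lower()} "
            f"{_any(h['Source'])} {_any(h['SourcePort'])} {DIRECTIONS[h['Direction']]} "
            f"{_any(h['Destination'])} {_any(h['DestinationPort'])} ({' '.join(options)})")

# Constructed sample: the same rule expressed in two of the three forms.
STANDARD = {"StatefulRules": [{
    "Action": "DROP",
    "Header": {"Protocol": "TCP", "Source": "10.0.0.0/16", "SourcePort": "ANY",
               "Direction": "FORWARD", "Destination": "ANY", "DestinationPort": "23"},
    "RuleOptions": [{"Keyword": "sid", "Settings": ["1000001"]}]}]}
AS_STRINGS = {"RulesString": "drop tcp 10.0.0.0/16 any -> any 23 (sid:1000001;)"}

if __name__ == "__main__":
    for source in (STANDARD, AS_STRINGS):
        print(provided_form(source))
    print(render_stateful_rule(STANDARD["StatefulRules"][0]))
```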