Options for providing stateful rules to AWS Network Firewall
When you create a Network Firewall stateful rule group from Suricata compatible rules, you can provide the rules to the rule group creation operation in one of the following ways:
Rule strings that are written in Suricata compatible syntax – When you use this option, Network Firewall passes your rule strings to Suricata for processing.
Domain list rule specification – With this option, Network Firewall translates your rule specification into Suricata compatible rules and then passes the resulting rule strings to Suricata for processing.
Standard, simple rule group specification – With this option, Network Firewall translates your specification into Suricata compatible rules and then passes the resulting rule strings to Suricata for processing.
The sections that follow provide details for each of these options.