Network Firewall provides full visibility into the threat signature rule content of its AWS managed rules. This enables you to choose between using the rule group as-is in your firewall policy or copying the rule group's rules into your own rule group and customizing them for your specific needs.
Important
Copied rules don't automatically inherit rule updates that AWS makes to managed rule group rules. We recommend that you subscribe to Amazon SNS topics for updates made to the originating rule group. For more information, see Getting notified of updates to a threat signature rule group. You're responsible for validating rule changes and making sure that your own rules are up-to-date.
To copy a managed threat signature rule group's rules, create a local copy of the rule group rules, make your modifications, then create your own rule group. The following procedure explains how to copy a threat signature rule group's rules, and then create your own rule group.
To copy a managed threat signature rule group's rules using the console
Sign in to the AWS Management Console and open the Amazon VPC console at https://console.aws.amazon.com/vpc/
. -
In the navigation pane, under Network Firewall, choose Network Firewall rule groups.
-
In the AWS managed rule groups tab, under Threat signature rule groups, select a rule group to view its details.
-
Choose Duplicate rule group to copy the rules into your own rule group. You can modify the rule group details, and then choose Create rule group.
Alternatively, you can choose Copy to copy the rules to your clipboard. You can then modify them in a text editor, or create a new rule group and paste the rules into your own stateful rule group. For information about how to create your own stateful rule group, see Creating a stateful rule group.
