Thanks. I found the rules on another thread.
I tested it and the rules show fine on my master attack policy.
I would suggest you check the ems.log & emsout.log files after you save the snort rules on the custom attack editor. Maybe you can see an error that explains why they aren't showing on your policies.
These SNORT signatures are set to informational and will not be included in a normal IPS policy unless you add them to the rule set that you are using. If you happen to be using a default rule set, you will need to copy this to a new rule set and add the SNORT signatures. If you need me to, I will give you a breakdown of how to add these to the rule set.
You might also try clearing the manager policy cache and see if that yields any results. Sometimes the cache can become stale and fail to update.
You can clear the cache from Manage\troubleshooting\manager policy cache - let us know if that helps.
@mjesmar - even though the snort rules are informational, they should be visible on the master policy, and Ahmed confirmed they don't show there. Good point on the policy cache, hopefully it is just that.
So basically it was clearing the cache (kudos to mjesmer) that resolved it, right?
Not all signatures will show on all policies. Because the snort rules you imported are only informational, they won't show on higher security/blocking policies.
If you set priority:3 on a snort rule, it will have a severity 7/8/9 (high), and will show on all policies.
Checking the master policy will tell you what attacks are available for other policies, so better to check in there first.
Good to know the problem is resolved, though.