Document toolboxDocument toolbox

Comparing and Merging Rulesets

Owned by Aliaksei Shautsou (Deactivated)
Last updated: May 29, 2017 by Olga Nekrutkina
3 min read

After you manually download a ruleset and before you publish it, you can view differences between the old ruleset and the new one. The appliance shows you the system-level changes, including new rules, deleted rules, and rule syntax, between the two rulesets. It also shows you the customized parameter changes between the two versions. You can then select the changes you want to merge into the new ruleset. You can also modify some of these customized changes before you merge them into the new ruleset. Note that the modifications you make to the customized rule parameters will be added only to the new ruleset. When merging rulesets, all rules in the old ruleset and new ruleset are compared and identified by their rule IDs.
To merge rules from an older ruleset version to a newer ruleset:

  1. From the Data Management tab, select the Security tab -> Threat Protection Rules tab, click Merge from the Toolbar, and then select Ruleset from the drop-down list.
  2. In the Merge Changes Into Ruleset editor, complete the following:
    • Old Ruleset: From the drop-down list, select the ruleset version from which you want to merge changes into the new ruleset. The Comment field displays additional information about the ruleset.
    • New Ruleset: From the drop-down list, select the ruleset version to which you want the changes to be merged. The Comment field displays additional information about the ruleset.
    • Get Differences: Click this to display a list of differences between the selected old and new ruleset versions. The appliance displays system-level changes in the System changes from old ruleset (x items) table, where x is the total number of changed rules between the old and new ruleset versions. The appliance merges all system-level changes listed in this table into the new ruleset.

The table displays the following information for each changed rule:

    • Rule ID: The rule ID of the changed rule. You can click the rule link and modify parameters in the rule editor.
    • Rule Name: The name of the rule.
    • Type: Indicates whether the rule is a newly added rule or it has been deleted.
    • Old Ruleset Value: Displays the old value that has been changed.
    • New Ruleset Value: Displays the newly changed value.

The Customizations from old ruleset (x items) table displays customized rule parameter changes between the old and new rulesets, where x is the total number of changed rules. You can select all or specific changed rules in this table to be merged into the new ruleset. You can also modify parameter for selected rules before merging the changes into the new ruleset. This table displays the following information for each rule:

    • Member: The Grid member on which this rule is currently running.
    • Rule ID: The rule ID of the changed rule. You can click the rule link and modify parameters in the rule editor.
    • Rule Name: The name of the rule.
    • Old Ruleset Value: Displays the old value that has been changed.
    • New Ruleset Value: Displays the newly changed value.
    • Action: Displays what the appliance will do to changes in this rule when you merge the rulesets.

3. Click Merge Changes to copy all the selected rules and changes you made to specific rules to the new ruleset. Note that you must select a rule from the Customizations from old ruleset (x items) table to activate the merging operation.

You can do the following in the Merge Changes Into Ruleset editor:

  • Click Export to export all the changes listed in both tables to one CSV file. You can export this data after you click Get Differences and Grid Manager displays changes in both tables.
  • Perform another ruleset merge by selecting another old ruleset and new ruleset.
  • Click Close to exit the editor. Note that the editor does not close automatically after a merge.