Creating Rules
How to create and manage IPS rules in the DioIPS application.
Creating a New Rule
- Navigate to the Rules tab
- Click the + New Rule button
- Fill in the rule details (see below)
- Click Save
- The rule is immediately active and synced to the kernel
Rule Fields
| Field | Required | Description |
|---|---|---|
| Name | Yes | Descriptive name for the rule |
| Description | No | Optional notes about the rule |
| Match Type | Yes | What to match (process, file, network, etc.) |
| Pattern | Yes | Wildcard pattern to match against |
| Action | Yes | What to do when matched (Log, Alert, Block, Kill) |
| Enabled | Yes | Whether the rule is active |
Match Types
| Match Type | Description |
|---|---|
| Process | Match by process name or path |
| File | Match by file path |
| Registry | Match by registry key path |
| Network IP | Match by IP address |
| Network Port | Match by port number |
| DNS | Match by domain name |
Creating from Event
You can quickly create a rule from any event:
- Click on an event in any tab
- In the event details panel, click Create Rule
- The rule form opens pre-filled with event data
- Adjust the pattern and action as needed
- Click Save
Managing Rules
- Edit — Click the edit icon to modify a rule
- Delete — Click the delete icon to remove a rule
- Enable/Disable — Toggle the switch to enable or disable
- Reorder — Drag rules to change evaluation order
- Export — Export rules to JSON file
- Import — Import rules from JSON file
Rule Order
Rules are evaluated in order from top to bottom. The first matching rule's action is taken. Place more specific rules before general ones.
1. Block powershell.exe from Temp ← More specific
2. Alert on all powershell.exe ← More general
3. Log all processes ← Catch-all
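The first-match behaviour described above, as an added example (not DioIPS code): it evaluates the three rules in both orders and reports rules that match a sample event but never decide its action. The rule field names, the case-insensitive `*`/`?` wildcard semantics and the sample paths are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed rules mirroring the ordering example. Field names and wildcard
# semantics (* and ?, case-insensitive) are assumptions, not the DioIPS schema.
RULES = [
    {"name": "Block powershell.exe from Temp", "match_type": "process",
     "pattern": r"*\Temp\*powershell.exe", "action": "Block", "enabled": True},
    {"name": "Alert on all powershell.exe", "match_type": "process",
     "pattern": r"*\powershell.exe", "action": "Alert", "enabled": True},
    {"name": "Log all processes", "match_type": "process",
     "pattern": "*", "action": "Log", "enabled": True},
]

# Constructed sample process paths.
EVENTS = [
    r"C:\Users\alice\AppData\Local\Temp\powershell.exe",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    r"C:\Windows\System32\notepad.exe",
]


def matches(rule, match_type, value):
    """True if an enabled rule of this match type matches the value."""
    return (rule["enabled"] and rule["match_type"] == match_type
            and fnmatchcase(value.lower(), rule["pattern"].lower()))


def evaluate(rules, match_type, value):
    """First-match-wins: return the first matching rule, or None."""
    return next((r for r in rules if matches(r, match_type, value)), None)


def shadowed(rules, match_type, values):
    """Rules that match at least one sample value but never decide its action."""
    hits = [evaluate(rules, match_type, v) for v in values]
    winners = {h["name"] for h in hits if h}
    return [r["name"] for r in rules if r["name"] not in winners
            and any(matches(r, match_type, v) for v in values)]


if __name__ == "__main__":
    for order, rules in (("specific first", RULES), ("catch-all first", RULES[::-1])):
        print(order)
        for path in EVENTS:
            print(f"  {path} -> {evaluate(rules, 'process', path)['action']}")
        print("  shadowed:", shadowed(rules, "process", EVENTS))
```

With the catch-all placed first, every sample event resolves to Log and the Block and Alert rules are reported as shadowed, which is the misordering the guidance above is meant to prevent.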