

# Working with AWS managed rule groups in the Network Firewall console
<a name="nwfw-using-managed-rule-groups-console"></a>

Through the console, you access managed rule group information when you add and edit rules in your firewall policies. Through the APIs and the command line interface (CLI), you can directly request managed rule group information.

When you use a managed rule group in your firewall policy, you can edit the following setting: 
+ **Set rule actions to alert** – Managed rule groups are designed to block traffic with `drop` rules. This setting overrides all rule actions in the rule group to `alert` instead, which is useful for testing a rule group before using it to control traffic. This setting in the API matches the **Run in alert mode** setting in the console.

To edit the managed rule group alert settings in your firewall policy:

------
#### [ Console ]

After you add the managed rule group to your firewall policy, from the **Policies** page, choose the firewall policy you just created. This takes you to the policy detail page where you can edit aspects of the policy, and view details about the policy.

In the **Network Firewall rule groups** tab, in the **Stateful rule groups** section, choose the rule group that you'd like to run in alert mode, then from the **Actions** drop-down menu, choose **Rule group details**. For the **Run in alert mode** setting, toggle to **Enabled** to run the rule group in alert mode.

------
#### [ CLI ]

Use the [StatefulRuleGroupOverride](https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_StatefulRuleGroupOverride.html) setting in a `StatefulRuleGroupReference`.
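
The following Python sketch is an added example, not code from the AWS documentation. It sets the override on selected rule group references in a firewall policy and lists managed rule groups that are still enforcing `drop`. The sample policy, ARNs, and function names are constructed for illustration, and `client` is assumed to be a boto3 `network-firewall` client supplied by the caller.

```python
import copy

# Constructed sample: the "FirewallPolicy" object in the shape returned by
# DescribeFirewallPolicy. ARNs are illustrative, not taken from a real account.
MANAGED_ARN = ("arn:aws:network-firewall:us-east-1:aws-managed:"
               "stateful-rulegroup/ThreatSignaturesBotnetStrictOrder")
CUSTOM_ARN = ("arn:aws:network-firewall:us-east-1:111122223333:"
              "stateful-rulegroup/example-custom-rules")
SAMPLE_POLICY = {
    "StatelessDefaultActions": ["aws:forward_to_sfe"],
    "StatelessFragmentDefaultActions": ["aws:forward_to_sfe"],
    "StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
    "StatefulRuleGroupReferences": [
        {"ResourceArn": MANAGED_ARN, "Priority": 1},
        {"ResourceArn": CUSTOM_ARN, "Priority": 2},
    ],
}

def is_managed(arn):
    # AWS managed rule group ARNs carry "aws-managed" in the account field.
    return arn.split(":")[4] == "aws-managed"

def set_alert_mode(policy, arns, enabled=True):
    """Return a copy of policy with the alert override set or cleared."""
    updated = copy.deepcopy(policy)
    refs = {r["ResourceArn"]: r for r in updated.get("StatefulRuleGroupReferences", [])}
    missing = sorted(set(arns) - set(refs))
    if missing:
        raise ValueError(f"not referenced by policy: {missing}")
    for arn in arns:
        if enabled:
            refs[arn]["Override"] = {"Action": "DROP_TO_ALERT"}
        else:
            refs[arn].pop("Override", None)
    return updated

def enforcing_managed_groups(policy):
    """Managed rule groups with no alert override, so drop rules still drop."""
    return [r["ResourceArn"] for r in policy.get("StatefulRuleGroupReferences", [])
            if is_managed(r["ResourceArn"])
            and r.get("Override", {}).get("Action") != "DROP_TO_ALERT"]

def apply_alert_mode(client, policy_name, arns, enabled=True):
    """Read the policy, change the override, write it back with the update token."""
    current = client.describe_firewall_policy(FirewallPolicyName=policy_name)
    new_policy = set_alert_mode(current["FirewallPolicy"], arns, enabled)
    client.update_firewall_policy(UpdateToken=current["UpdateToken"],
                                  FirewallPolicyName=policy_name, FirewallPolicy=new_policy)
    return new_policy
```

Running `enforcing_managed_groups` against each policy before and after a test window shows which managed rule groups are only alerting and which are back to dropping traffic.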

------

# Adding AWS managed rule groups to your firewall policy using the console
<a name="nwfw-using-managed-rule-groups-add-to-policy"></a>

Learn how to add one or more managed rule groups to your Network Firewall firewall policy. Adding managed rule groups to your firewall policy automatically implements their built-in protections across your firewall. You can add managed rule groups either through the Network Firewall rule groups page or from your firewall policy's detail page.

------
#### [ Rule groups page ]

**To add one or more managed rule groups to your firewall policy from the rule groups page**

1. Sign in to the AWS Management Console and open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, under **Network Firewall**, choose **Network Firewall rule groups**.

1. In the **AWS managed rule groups** tab, choose **Add rule groups to policy**.

1. In the **Choose a firewall policy** section, select the firewall policy to add your AWS managed rule groups to.

1. Choose **Next**.

1. In the **Choose rule groups** section, choose one or more rule groups to add to your policy. You can add your own rule groups, or AWS managed rule groups.

1. Choose **Next**.

1. (Optional) On the **Add tags** page, enter a key and optional value for any tag that you want to add to this firewall policy. Tags help you organize and manage your AWS resources. For more information about tagging your resources, see [Tagging AWS Network Firewall resources](tagging.md).

1. Choose **Next**.

1. On the **Review and confirm** page, check the rule group settings for your policy. If you want to change any section, choose **Edit** for the section. This returns you to the corresponding step in the add rule group to policy wizard. Make your changes, then choose **Next** on each page until you come back to the review and confirm page.

1. Choose **Add rule groups to policy**.

------
#### [ Firewall policy detail page ]

**To add one or more managed rule groups to your firewall policy from the details page**

1. Sign in to the AWS Management Console and open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, under **Network Firewall**, choose **Firewall policies**.

1. Select the policy that you'd like to add one or more AWS managed rule groups to.

1. In the **Stateful rule groups** section, in the **Actions** drop-down menu, select **Add managed stateful rule groups**.

1. Select the AWS managed rule groups to add to your policy.

1. Choose **Add to policy**.

------

# Viewing AWS managed rule groups in Network Firewall using the console
<a name="nwfw-using-managed-rule-groups-list"></a>

You can view the managed rule groups that are available for your use in your Network Firewall policy. 

**To view the list of managed rule groups**
+ **Console** – You can view the list of managed rule groups either in the **Network Firewall rule groups** page in the **AWS managed rule groups** tab, or in the policy details page. When you add managed rule groups to a policy, you’ll see only the managed rule groups that fit your policy type. For example, if your policy type is default ordered, you’ll see only the managed rule groups that have a type of default ordered.
+ **API** – [ListRuleGroups](https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_ListRuleGroups.html) with the parameter `Scope`. 
+ **CLI** – `aws network-firewall list-rule-groups --scope MANAGED`. To filter by managed rule group type, you can include the parameter `--managed-type` and filter by `AWS_MANAGED_THREAT_SIGNATURES` or `AWS_MANAGED_DOMAIN_LISTS`.