Geo IP

We have added two rule files (country_code.rules and e8country_code.rules) that contain all the country codes. Clicking on a country will treat all IP addresses from that country as having a bad reputation. This can get kind of noisy in certain environments. Keep in mind that this was developed for an entity that does not like their computers to talk to foreign countries. In most open networks with IM, P2P, and/or international reach these rules might not be very useful and should not be turned on.

Clicking on rules in country_code.rules will cause a direct Snort hit any time a TCP or UDP flow to that country is established. Clicking on your own country would cause EVERY flow to generate a Snort alert (please do not do this).

Clicking on rules in e8country_code.rules (recommended) will cause a positive rank hit if a home machine talks to the selected countries AND there are other relevant, suspicious events coming from the same home machine.
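
To see why the correlated rules are the recommended ones, here is a simplified model of the two behaviors, added as an illustration and not taken from the product's own code. The flow records, the placeholder country codes XX and YY, the event label, and the function names are all constructed assumptions; the real rank computation is not described on this page.

```python
# Simplified model (assumption, not the product's logic) comparing
# country_code.rules-style direct alerts with e8country_code.rules-style
# correlated hits on constructed sample data.

# Constructed flows: (home_host, destination_country_code, protocol)
FLOWS = [
    ("10.0.0.5", "US", "tcp"),
    ("10.0.0.5", "XX", "tcp"),
    ("10.0.0.7", "XX", "udp"),
    ("10.0.0.7", "XX", "tcp"),
    ("10.0.0.9", "YY", "tcp"),
    ("10.0.0.9", "US", "udp"),
]

# Constructed "other suspicious events" already seen per home host.
OTHER_EVENTS = {
    "10.0.0.5": [],
    "10.0.0.7": ["constructed-suspicious-event"],
}


def direct_alerts(flows, selected_countries):
    """Direct mode: one alert for every TCP/UDP flow to a selected country."""
    return [f for f in flows if f[1] in selected_countries]


def correlated_hits(flows, selected_countries, other_events):
    """Correlated mode: flag a home host only if it talked to a selected
    country AND has other suspicious events recorded against it."""
    hits = {}
    for host, country, _proto in flows:
        if country not in selected_countries:
            continue
        events = other_events.get(host, [])
        if not events:
            continue  # country contact alone is not enough in this mode
        entry = hits.setdefault(host, {"countries": set(), "events": events})
        entry["countries"].add(country)
    return hits


if __name__ == "__main__":
    selected = {"XX", "YY"}
    print("direct alerts:", len(direct_alerts(FLOWS, selected)))
    print("correlated hosts:", sorted(correlated_hits(FLOWS, selected, OTHER_EVENTS)))
    # Selecting every country seen, your own included, alerts on every flow.
    print("all selected:", len(direct_alerts(FLOWS, {"US", "XX", "YY"})))
```

On the sample data the direct mode raises an alert per matching flow, while the correlated mode reports only the one host that also has another suspicious event.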

You cannot modify the country rules (for now).
