Yep, you've got the idea. There are also other examples in the files showing how to use rule names and other tidbits of information to identify rules.

It is important to note that with SID MGMT, the last command to touch a rule's state wins. Notice there are two files: disablesid.conf and enablesid.conf. There is also a drop-down at the bottom of the page that determines the order in which those two files are used. So if the file that "enables" rules is run first and enables, say, rule 1:10000 and several dozen other rules, and then the file that "disables" rules is run next and it disables rule 1:10000, then rule 1:10000 will remain "disabled" because the disable command ran last. The converse is also true. If the enable command file runs last, it may enable a rule that was disabled in the disable command file. It sounds confusing initially, but if you just think about it in terms of "last action wins", it will make sense.

This knowledge can be used to your advantage when you want to disable almost all the rules in a category except maybe four or five. You put the category name in the "disable" file, and then the GID:SID of the four or five rules you want to enable in that category in the "enable" file. You would then set the order to be "disable,enable" so the enable file is evaluated last.
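The "last action wins" behaviour described in the post above, modelled as an added example; it is not part of the original post and not the package's own code. The category names, every rule ID other than 1:10000, and all function names are constructed for illustration, and only exact GID:SID and category-name selectors are modelled.

```python
# Model of SID MGMT ordering: whichever list runs last decides a rule's state.
# Constructed rule set: "gid:sid" -> (category, enabled by default).
RULES = {
    "1:10000": ("example-scan", True),
    "1:10001": ("example-scan", True),
    "1:10002": ("example-scan", False),
    "1:10003": ("example-scan", True),
    "1:20000": ("example-dos", True),
}

# Stand-ins for the contents of disablesid.conf and enablesid.conf.
DISABLE = ["example-scan"]        # switch off the whole category
ENABLE = ["1:10000", "1:10002"]   # the few rules to keep in that category


def matches(selector, key, category):
    """A selector is either an exact GID:SID or a category name."""
    return selector == key or selector == category


def apply_sid_mgmt(rules, disable, enable, order):
    """Return {gid:sid: enabled} after both lists run in the given order.

    order is "disable,enable" or "enable,disable", mirroring the drop-down.
    """
    state = {key: default for key, (_, default) in rules.items()}
    lists = {"disable": (disable, False), "enable": (enable, True)}
    for step in order.split(","):
        selectors, new_state = lists[step]
        for selector in selectors:
            for key, (category, _) in rules.items():
                if matches(selector, key, category):
                    state[key] = new_state  # a later write overwrites an earlier one
    return state


def enabled(state):
    """Sorted list of rule IDs that ended up enabled."""
    return sorted(key for key, on in state.items() if on)


if __name__ == "__main__":
    for order in ("disable,enable", "enable,disable"):
        result = apply_sid_mgmt(RULES, DISABLE, ENABLE, order)
        print(f"{order:16} -> enabled: {enabled(result)}")
```

With "enable,disable" the category-wide disable runs last and overrides the two per-rule enables, so every rule in the category ends up off.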