Having done a bunch of work on importing the emerging threat rules and methods of optimizing that process, it's apparent a large number don't fire as stated earlier by several people.
that said, for the people managing the rules...how would one go about identifying a layer 3 vs 7 rule such that when we import the ~7000 emerging threat rules, we can eliminate the ones that won't fire.
Thanks in advance
D.