Simple IPS Policy Question for New User

Started by evanevery, December 25, 2024, 06:09:07 PM

December 25, 2024, 06:09:07 PM Last Edit: December 25, 2024, 06:14:09 PM by evanevery
I've been networking since the early 80's (inc. installation of the second DEC SEAL firewall on the Internet). I'm moving from a Watchguard M370 to a Deciso DEC3842 router/firewall at my home. I was pretty comfortable with the Watchguard configuration, but I currently find some of the OPNsense workflow a little confusing. I'm sure this will all pass with time. Anyway...

Searched this forum (lots of good info), but I have a simple question which I'm losing in the details...

- I chose several Rule Sets to download/enable for IPS, and
- Wrapped them in a single policy with "Action = Alert, Drop" -> "New Action = Alert"

I monitored the alerts for a while and now I want to "promote" a single rule set to "Drop" ("ET open/emerging scan")

Would it be best practice to remove that one ruleset from my "Alert" policy (priority 1) and then simply add it to a new "Drop" policy (priority 0)?  I'm also guessing that a "DROP" action will also "Alert", right?

- As an alternative I see I can also click on the "Configured Action" and change it (from Alert to Drop) from an "Alert Info" dialog, would that be a preferred method (rather than creating a second policy)?


AFAIK - Drop rules alert unless they have "noalert" in them

After that, I might not be the best one to ask about the Layers when it comes to the Drop feature; I merely figured out how to enable most and disable the noisy ones by using the Layers, and wrote a how-to on it:
https://www.nova-labs.net/opnsense-and-enabling-suricata-rules/

It does them in order, so 0 is first, 1 is second, and so on. Broad stroke changes with 0, Refined changes with 1, etc. If I am inaccurate here, please someone correct me!!
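The two points raised above (layered policies applied by priority, and drop rules alerting unless they carry `noalert`) can be checked with a small model. This is added example code, not part of the thread or of OPNsense; the rule lines are constructed, and the ordering semantics (policies applied in ascending priority, a later matching policy overriding an earlier one, matching on the rule's downloaded action) are an assumption taken from the reply, to be confirmed against the OPNsense documentation.

```python
import re

# Constructed Suricata-style rules tagged with the ruleset they belong to
# (sample data written for this example, not taken from the thread).
SAMPLE_RULES = [
    ("emerging-scan",   'alert tcp any any -> $HOME_NET any (msg:"SCAN A"; sid:9000001; rev:1;)'),
    ("emerging-scan",   'drop tcp any any -> $HOME_NET any (msg:"SCAN B"; noalert; sid:9000002; rev:1;)'),
    ("emerging-policy", 'alert http any any -> $HOME_NET any (msg:"POLICY C"; sid:9000003; rev:1;)'),
]

# Simplified rule grammar: action, header, then "(options)"; msg values
# containing ';' are not handled by this toy parser.
RULE_RE = re.compile(r"^(?P<action>alert|drop|pass|reject)\s.*\((?P<opts>.*)\)\s*$")

def parse_rule(line):
    """Split one rule into (action, sid, set of option keywords)."""
    m = RULE_RE.match(line)
    opts = [o.strip() for o in m.group("opts").split(";") if o.strip()]
    sid = next(o.split(":")[1] for o in opts if o.startswith("sid:"))
    keywords = {o.split(":")[0] for o in opts}
    return m.group("action"), int(sid), keywords

def apply_policies(rules, policies):
    """Model of layered IPS policies. Assumption: policies run in ascending
    priority and a later matching policy overrides an earlier one (broad
    strokes at 0, refinements at 1); each policy matches on the rule's
    downloaded action. Each policy is a dict with priority, rulesets,
    match_actions and new_action. Returns {sid: (effective_action, alerts)};
    an alert/drop/reject rule alerts unless it carries the 'noalert' option."""
    result = {}
    for ruleset, line in rules:
        orig_action, sid, keywords = parse_rule(line)
        action = orig_action
        for pol in sorted(policies, key=lambda p: p["priority"]):
            if ruleset in pol["rulesets"] and orig_action in pol["match_actions"]:
                action = pol["new_action"]
        alerts = action in {"alert", "drop", "reject"} and "noalert" not in keywords
        result[sid] = (action, alerts)
    return result

# The poster's setup: one broad "alert everything" policy at priority 1 ...
ALERT_ALL = {"priority": 1, "rulesets": {"emerging-scan", "emerging-policy"},
             "match_actions": {"alert", "drop"}, "new_action": "alert"}
# ... plus a new "drop" policy for the scan ruleset at priority 0.
DROP_SCAN = {"priority": 0, "rulesets": {"emerging-scan"},
             "match_actions": {"alert", "drop"}, "new_action": "drop"}
# The same alert policy with emerging-scan removed, as the poster proposes.
ALERT_REST = dict(ALERT_ALL, rulesets={"emerging-policy"})

if __name__ == "__main__":
    print("scan ruleset still in the alert policy:", apply_policies(SAMPLE_RULES, [ALERT_ALL, DROP_SCAN]))
    print("scan ruleset removed from the alert policy:", apply_policies(SAMPLE_RULES, [ALERT_REST, DROP_SCAN]))
```

Under these assumptions the later alert policy undoes the drop unless the scan ruleset is removed from it, and the one rule carrying `noalert` is dropped silently.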