I enabled a few DNS blacklist snort rules along with creating my own. None of them will trigger an alert/intrusion event. I verifed that the rules are enabled and everything. I took these same rules and applied them to open source snort and they do trigger. Is there something missing out of the default sourcefire firesight config?