diff --git a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/intro.md.erb b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/intro.md.erb index a2129f9d6..93bc59b50 100644 --- a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/intro.md.erb +++ b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/intro.md.erb 
@@ -6,15 +6,15 @@ ==Start these VMs== (if you haven't already): - hackerbot_server (leave it running, you don't log into this) -- ids_server (IP address: <%= $ids_server_ip %>) +- ids_snoop (IP address: <%= $ids_server_ip %>) - web_server (IP address: <%= $web_server_ip %>, leave it running, you don't log into this) - desktop All of these VMs need to be running to complete the lab. -**Ensure the ids_server VM is allowed promiscuous mode.** If you are completing this lab on Leeds Beckett oVirt infrastructure, this should be sorted. Otherwise, if you have used SecGen to spin up VMs, you need to ensure your VMs have permission to monitor networks using promiscuous mode. On the Leeds Beckett oVirt infrastructure we have snoop networks, which mirror all the traffic between systems. On Virtualbox, you would need to go to Advanced network settings for the host-only network on the ids_server and enable promiscious mode. +**Ensure the ids_snoop VM is allowed promiscuous mode.** If you are completing this lab on Leeds Beckett oVirt infrastructure, this should be sorted. Otherwise, if you have used SecGen to spin up VMs, you need to ensure your VMs have permission to monitor networks using promiscuous mode. On the Leeds Beckett oVirt infrastructure we have snoop networks, which mirror all the traffic between systems. On Virtualbox, you would need to go to Advanced network settings for the host-only network on the ids_snoop and enable promiscious mode. -### Your login details for the "desktop" and "ids_server" VMs +### Your login details for the "desktop" and "ids_snoop" VMs User: <%= $main_user %> Password: tiaspbiqe2r (**t**his **i**s **a** **s**ecure **p**assword **b**ut **i**s **q**uite **e**asy **2** **r**emember) @@ -34,7 +34,7 @@ Work through the below exercises, completing the Hackerbot challenges as noted. --- ## Getting Snort up and running -**On the ids_server VM:** +**On the ids_snoop VM:** ==Change Snort's output== to something more readable: 
@@ -48,12 +48,6 @@ sudo vi /etc/snort/snort.conf ==Add the following line:== `output alert_fast` -==Let us edit the local rules file without sudo:== - -```bash -sudo chown <%= $main_user %> /etc/snort/rules/local.rules -``` - ==Change Snort's interface== to the interface with IP address <%= $ids_server_ip %> (likely changing eth0 to ens3), and set the local network to your IP address range (or "any"): ```bash diff --git a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/write_snort_rules.md.erb b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/write_snort_rules.md.erb index 4eb077690..e183c9ae8 100644 --- a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/write_snort_rules.md.erb +++ b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/write_snort_rules.md.erb @@ -118,15 +118,19 @@ And bringing all this together a Snort rule could read: **On the ids_snoop VM:** -Add the rule, and reload Snort: +==Add this rule== to /etc/snort/rules/local.rules: ```bash -echo 'alert tcp any any -> <%= $web_server_ip %> 80 (msg: "Website access <%= $random_string %>"; content: "GET /"; sid:1000001; rev:1;)' >> /etc/snort/rules/local.rules - -sudo service snort restart +alert tcp any any -> <%= $web_server_ip %> 80 (msg: "Website access <%= $random_string %>"; content: "GET /"; sid:1000001; rev:1;) ``` -> The above echo command simply puts the new rule line at the end of the file. You can then edit it using `vi /etc/snort/rules/local.rules`. +> Run `vi /etc/snort/rules/local.rules` Remember press 'i' to enter insert mode, make your changes, press Esc, then type ':wq' to write your changes and quit vi. + +==Restart snort==: + +```bash +sudo service snort restart +``` ==Test the new rule...==
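Review bot: in the intro.md.erb hunk at @@ -6,15 +6,15 @@, the rewritten promiscuous-mode paragraph still ends with the misspelling "promiscious mode"; since the line is being touched anyway for the ids_server to ids_snoop rename, correct it to "promiscuous mode" (and "Virtualbox" to "VirtualBox") in the same change rather than carrying the typo forward.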
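Review bot: the intro.md.erb hunk at @@ -48,12 +48,6 @@ drops the `sudo chown <%= $main_user %> /etc/snort/rules/local.rules` step, which the removed heading says existed so the rules file could be edited without sudo; with it gone, local.rules stays owned by root and any later instruction that opens it without sudo will fail with a permission error. Keeping the rules file root-owned is the better least-privilege choice (the snort service reads it, the student only needs to edit it occasionally), so keep this removal but make sure every edit instruction in the lab now uses `sudo vi /etc/snort/rules/local.rules`.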
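Review bot: in the write_snort_rules.md.erb hunk at @@ -118,15 +118,19 @@, the new line "Run `vi /etc/snort/rules/local.rules`" omits sudo, yet the same patch removes the chown that made non-root edits possible, so students will hit a read-only file; change it to "Run `sudo vi /etc/snort/rules/local.rules`". Two smaller points on the same hunk: the added block containing the `alert tcp any any -> ...` rule is fenced as ```bash although it is a Snort rule and not shell, so use a plain fence to avoid misleading highlighting; and "Remember press 'i' to enter insert mode" reads as a run-on, so "Remember to press 'i' to enter insert mode, make your changes, press Esc, then type ':wq' to write your changes and quit vi." is clearer.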