I believe the directions for implementing snort rules existed on the 9.8 administration guide. I'll have to check if it is on the docs site.
Basically, what I did was add a snort folder to /etc/netwitness/ng. In that snort folder, I had a rules folder and a basic snort.conf file that pointed to the rules folder. Inside the rules folder, I kept my snort rules, which I grabbed from emerging threats. Then, I made sure the snort parser was enabled and restarted services.
Here is an old doc I had on my laptop. As noted above, if there is an NG directory, the snort subdirectory goes there. I think the rest of the config is the same. Also, this will register meta into the Feed Name, Feed Cat and Feed Desc keys, so if you hope to open these keys quickly, you should set indexing to IndexValues on the concentrators and brokers.