Documentation #1892
open
rule docs should include example rules
Added by Victor Julien over 7 years ago.
Updated over 4 years ago.
Description
Think it would be nice to add example rules for each rule keyword. Perhaps a minimal example and a real world one from the ETOpen set.
I think it will also be a good idea to make that part of the PR process (as well) where such a PR introduces new or updates keywords.
Otherwise the "how to" for new or updated keywords is not visible to the rulewriters or end users.
Easier said than done I suppose - it would be ideal if we can maybe have something like -
suricata --list-keywords-examples
where each listed keyword can have an example rule.
Maybe we could reuse a good part of the unittests to help out with that?
Wouldn't such a list be quite verbose? Maybe we can first add it to the docs and relate to them with the --list-keywords-examples?
- Effort set to high
- Difficulty set to low
I'm open to both. I also think it would be a nice idea to have per rule keyword manpages, based on the user docs. Like how for example git commands have their own manpages. These manpages should then have one or more example rules.
- Assignee deleted (OISF Dev)
I've set effort to high as there are many keywords, but this can be a step-by-step thing. So per keyword effort is low.
- Assignee set to Community Ticket
- Label Beginner added
- Target version changed from Documentation to TBD
- Tracker changed from Feature to Documentation