Documentation #5182

open

userguide: better document rule keywords

Added by Juliana Fajardini Reichow over 2 years ago. Updated about 2 months ago.

Status: New
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

This could probably become more than just one ticket.
The motivation behind it is that there are many rule keywords
that are mentioned but lack proper explanation of what they are /
how they relate to what is seen on the wire.
Example: dsize (https://suricata.readthedocs.io/en/latest/rules/payload-keywords.html#dsize)

Improving that would be great.


Subtasks 23 (15 open, 8 closed)

Documentation #2588: document hostbits keyword | New | OISF Dev
Documentation #3015: userguide: document "tag" keyword | Resolved | Victor Julien
Documentation #6511: userguide: document "tag" keyword (7.0.x backport) | Closed | Victor Julien
Documentation #3018: No documentation for "flowvar" keyword | New | OISF Dev
Documentation #3025: Missing docs for "http." keywords | Closed | Jason Taylor
Documentation #3028: No documentation for "pkt_data" keyword | Assigned | Juliana Fajardini Reichow
Documentation #3030: doc: document for "smb" keywords | Closed | Eric Leblond
Documentation #3031: No documentation for "asn1" keyword | New | OISF Dev
Documentation #3033: No documentation for "stream-event" keyword | New | OISF Dev
Documentation #3034: No documentation for "l3_proto" keyword | New | OISF Dev
Documentation #3036: No documentation for "template2" keyword | New | OISF Dev
Documentation #3748: Add documentation for flags keyword | New | Community Ticket
Documentation #5068: nfs: document rule keyword | New | Community Ticket
Documentation #5088: file.name sticky buffer is not documented | Closed | Jason Taylor
Documentation #5385: userguide: update rule's format document | Closed | Jason Taylor
Documentation #5485: userguide: explain that the http.header_names buffer is normalized | Assigned | Jason Taylor
Documentation #5519: userguide: update 'dsize' examples and documentation | Closed | Jason Taylor
Documentation #5523: userguide: document the tcp-stream keyword | New | OISF Dev
Documentation #5554: userguide: document behavior for actions like PASS, DROP, REJECT, BYPASS... | New | OISF Dev
Documentation #5609: userguide: document behavior for actions like PASS, DROP, REJECT, BYPASS... (6.0.x backport) | Rejected
Documentation #6386: Add tls.cert_chain_len Documentation | Closed | Jason Taylor
Documentation #7223: document 'stream-event' keyword | New | OISF Dev
Documentation #7277: doc/actions: clarify 'pass' scope variations | New | OISF Dev

Related issues 1 (0 open, 1 closed)

Related to Suricata - Task #5626: doc: document file.data | Closed | Jason Taylor