From 8b3db3c3b515d760ae2ccb83d11a385d9a25804f Mon Sep 17 00:00:00 2001 From: jason taylor Date: Tue, 6 Feb 2024 17:27:09 +0000 Subject: [PATCH] doc: update file.name keyword information Ticket: 3025 Signed-off-by: jason taylor --- doc/userguide/rules/http-keywords.rst | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/doc/userguide/rules/http-keywords.rst b/doc/userguide/rules/http-keywords.rst index bae60c75f0..28c653c86b 100644 --- a/doc/userguide/rules/http-keywords.rst +++ b/doc/userguide/rules/http-keywords.rst @@ -1236,11 +1236,21 @@ setting. file.name --------- -The ``file.name`` keyword can be used at the HTTP application level. +The ``file.name`` keyword can be used with HTTP requests. -Example:: +It is possible to use any of the :doc:`payload-keywords` with the +``file.name`` keyword. + +Example HTTP Request:: + + GET /picture.jpg HTTP/1.1 + User-Agent: Mozilla/5.0 + Host: suricata.io + +.. container:: example-rule - alert http any any -> any any (msg:"http layer file.name keyword usage"; \ - file.name; content:"picture.jpg"; classtype:bad-unknown; sid:1; rev:1;) + alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"HTTP file.name Example"; \ + flow:established,to_client; :example-rule-options:`file.name; \ + content:"picture.jpg";` classtype:bad-unknown; sid:129; rev:1;) -For additional information on the ``file.name`` keyword, see :doc:`file-keywords`. \ No newline at end of file +.. note:: Additional information can be found at :doc:`file-keywords` \ No newline at end of file
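
Review bot: In the new example rule, `flow:established,to_client;` combined with `$EXTERNAL_NET any -> $HOME_NET any` does not line up with the new prose, which says the keyword "can be used with HTTP requests" and shows only an "Example HTTP Request". A reader writing detection rules cannot tell from this text whether ``file.name`` is evaluated against the request or against the file carried back in the response, and picking the wrong direction gives a rule that never fires. Either add a sentence stating which direction the keyword inspects and why the rule is written `to_client`, or show the matching response next to the request. Separately, the added `.. note::` line is still followed by "\ No newline at end of file" and has no closing period; add a trailing newline and the period.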