aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: add file.name information to smtp keyword doc

Browse Source 
Signed-off-by: jason taylor <jtfas90@gmail.com>
pull/9985/head
jason taylor 2 years ago committed by Victor Julien
parent 9d1ad0187e
commit fc81c99b58
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
doc/userguide/rules/index.rst
Unescape Escape View File

@ -34,6 +34,7 @@ Suricata Rules
http2-keywords http2-keywords
quic-keywords quic-keywords
nfs-keywords nfs-keywords
smtp-keywords
app-layer app-layer
xbits xbits
thresholding thresholding

19
doc/userguide/rules/smtp-keywords.rst
Unescape Escape View File

@ -0,0 +1,19 @@
SMTP Keywords
=============
.. role:: example-rule-options
file.name
---------
The ``file.name`` keyword can be used at the SMTP application level.
Signature Example:
.. container:: example-rule
alert smtp any any -> any any (msg:"SMTP file.name usage"; \
:example-rule-options:`file.name; content:"winmail.dat";` \
classtype:bad-unknown; sid:1; rev:1;)
For additional information on the ``file.name`` keyword, see :doc:`file-keywords`.
Write Preview
Loading…
Cancel
Save