doc: add file.name information to smtp keyword doc

Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago · fc81c99b58
parent 9d1ad0187e
commit fc81c99b58
2 changed files with 20 additions and 0 deletions
--- a/doc/userguide/rules/index.rst
+++ b/doc/userguide/rules/index.rst
@ -34,6 +34,7 @@ Suricata Rules
   http2-keywords
   quic-keywords
   nfs-keywords
+   smtp-keywords
   app-layer
   xbits
   thresholding
--- a/doc/userguide/rules/smtp-keywords.rst
+++ b/doc/userguide/rules/smtp-keywords.rst
@ -0,0 +1,19 @@
+SMTP Keywords
+=============
+
+.. role:: example-rule-options
+
+file.name
+---------
+
+The ``file.name`` keyword can be used at the SMTP application level. 
+
+Signature Example:
+
+.. container:: example-rule
+
+  alert smtp any any -> any any (msg:"SMTP file.name usage"; \
+  :example-rule-options:`file.name; content:"winmail.dat";` \
+  classtype:bad-unknown; sid:1; rev:1;)
+
+For additional information on the ``file.name`` keyword, see :doc:`file-keywords`.