Project

General

Profile

Actions
Copy link

Documentation #1892

open

rule docs should include example rules

Added by Victor Julien about 8 years ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Affected Versions:
Effort:
high
Difficulty:
low
Label:
Beginner, Outreachy

Description

Think it would be nice to add example rules for each rule keyword. Perhaps a minimal example and a real world one from the ETOpen set.

Related issues 1 (1 open0 closed)

Related to Suricata - Documentation #4706: Guide for rulewritingNewCommunity TicketActions
Actions
Copy link
 #1

Updated by Peter Manev about 8 years ago

It think it will also be a good idea to make that part of the PR process (as well) where such a PR introduces new or updates keywords.
Otherwise the "how to" for new or updated keywords is not visible to the rulewriters or end users.

Easier said than done I suppose - it would be ideal if we can maybe have something like -

suricata --list-keywords-examples

where each listed keyword can have an example rule.
Maybe we could reuse a good part of the unittests to help out with that ?

Actions
Copy link
 #2

Updated by Andreas Herz about 8 years ago

Wouldn't be such a list quite verbose? Maybe we can first add it to the docs and relate to them with the --list-keywords-examples?

Actions
Copy link
 #3

Updated by Victor Julien over 6 years ago

  • Effort set to high
  • Difficulty set to low

I'm open to both. I also think it would be a nice idea to have per rule keyword manpages, based on the user docs. Like how for example git commands have their own manpages. These manpages should then have one or more example rules.

Actions
Copy link
 #4

Updated by Victor Julien over 6 years ago

  • Assignee deleted (OISF Dev)
Actions
Copy link
 #5

Updated by Victor Julien over 6 years ago

I've set effort to high as there are many keywords, but this can be a step-by-step thing. So per keyword effort is low.

Actions
Copy link
 #6

Updated by Victor Julien over 5 years ago

  • Assignee set to Community Ticket
  • Label Beginner added
Actions
Copy link
 #7

Updated by Victor Julien over 5 years ago

  • Target version changed from Documentation to TBD
Actions
Copy link
 #8

Updated by Andreas Herz about 5 years ago

  • Tracker changed from Feature to Documentation
Actions
Copy link
 #9

Updated by Juliana Fajardini Reichow about 3 years ago

Actions
Copy link
 #10

Updated by Juliana Fajardini Reichow 2 months ago

  • Label Outreachy added

If you are an Outreachy applicant and would like to work on this issue, please check our documentation docs.suricata.io for a rule keyword that doesn't have examples, and discuss with us if it would be a good candidate for this task :)

Actions
Copy link

Also available in: Atom PDF