Documentation #1892
open
rule docs should include example rules
Added by Victor Julien about 8 years ago.
Updated 2 months ago.
Label:
Beginner, Outreachy
Description
Think it would be nice to add example rules for each rule keyword. Perhaps a minimal example and a real world one from the ETOpen set.
Related issues
1 (1 open — 0 closed)
I think it will also be a good idea to make that part of the PR process (as well) where such a PR introduces new or updates keywords.
Otherwise the "how to" for new or updated keywords is not visible to the rulewriters or end users.
Easier said than done I suppose - it would be ideal if we can maybe have something like -
suricata --list-keywords-examples
where each listed keyword can have an example rule.
Maybe we could reuse a good part of the unittests to help out with that?
Wouldn't such a list be quite verbose? Maybe we can first add it to the docs and relate to them with the --list-keywords-examples?
- Effort set to high
- Difficulty set to low
I'm open to both. I also think it would be a nice idea to have per rule keyword manpages, based on the user docs. Like how for example git commands have their own manpages. These manpages should then have one or more example rules.
- Assignee deleted (OISF Dev)
I've set effort to high as there are many keywords, but this can be a step-by-step thing. So per keyword effort is low.
- Assignee set to Community Ticket
- Label Beginner added
- Target version changed from Documentation to TBD
- Tracker changed from Feature to Documentation
If you are an Outreachy applicant and would like to work on this issue, please check our documentation docs.suricata.io for a rule keyword that doesn't have examples, and discuss with us if it would be a good candidate for this task :)