Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

userguide: explain rule types and categorization - v7 #12114

Closed
wants to merge 1 commit into from
Closed

userguide: explain rule types and categorization - v7 #12114

wants to merge 1 commit into from
+227 −0

Conversation

jufajardini
Copy link
Contributor

@jufajardini jufajardini commented Nov 12, 2024
edited
Loading

Add documentation about the rule types introduced by 2696fda.

Add doc tags around code definitions that are referenced in the docs.

Task #https://redmine.openinfosecfoundation.org/issues/7031

Link to ticket: https://redmine.openinfosecfoundation.org/issues/

Built docs: https://suri-rtd-test.readthedocs.io/en/doc-sigtypes-et-properties-v7/rules/intro.html#rule-types-and-categorization

Previous PR: #12113

Describe changes:

  • add frame keyword and rule examples to application layer transaction examples
  • fix typo s/tcp.set/tcp.seq
  • standardize how we mention keyword examples on the table
  • standardize Scope terminology
  • fix unformattable style for like IP Only explanation

@jufajardini
userguide: explain rule types and categorization
b94800f 
Add documentation about the rule types introduced by 2696fda.

Add doc tags around code definitions that are referenced in the docs.

Task #https://redmine.openinfosecfoundation.org/issues/7031
@jufajardini jufajardini added the typo/doc update No code change : only doc or typo fixes label Nov 12, 2024
@jufajardini jufajardini mentioned this pull request Nov 12, 2024
Closed
@codecov Codecov
Copy link

codecov bot commented Nov 12, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.28%. Comparing base (278dc24) to head (b94800f).
Report is 35 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #12114      +/-   ##
==========================================
+ Coverage   83.23%   83.28%   +0.04%     
==========================================
  Files         906      906              
  Lines      257647   257647              
==========================================
+ Hits       214458   214570     +112     
+ Misses      43189    43077     -112
Flag Coverage Δ
fuzzcorpus 61.32% <ø> (+0.11%) ⬆️
livemode 19.42% <ø> (ø)
pcap 44.41% <ø> (-0.02%) ⬇️
suricata-verify 62.71% <ø> (+0.01%) ⬆️
unittests 59.28% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@victorjulien victorjulien added this to the 8.0 milestone Nov 12, 2024
@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 23307

@victorjulien victorjulien mentioned this pull request Nov 12, 2024
Closed
jufajardini
jufajardini commented Nov 13, 2024
View reviewed changes
doc/userguide/rules/intro.rst
Comment on lines +421 to +431
* - Packet-Stream
- Flow, if stateful (**)
- Flow, if stateful, per-packet if not
- Against the reassembled stream. If stream unavailable, match per-packet
(packet payload and stream payload)
- 'content' with 'startswith' or 'depth'
* - Stream
- Flow, if stateful (**)
- Per stream chunk, if stateful, per-packet if not
- Against the reassembled stream. If stream unavailable, match per-packet
- 'tcp-stream' in protocol field; simple 'content'; 'byte_extract'
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re-review especially for these two.

@victorjulien victorjulien removed this from the 8.0 milestone Nov 13, 2024
This was referenced Nov 27, 2024
Open
Draft
@jufajardini
Copy link
Contributor Author

Finally followed by: #12184

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
typo/doc update No code change : only doc or typo fixes
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jufajardini @suricata-qa @victorjulien