From 63adbf31cbace785dbe95c2b3605ad4568695f50 Mon Sep 17 00:00:00 2001
From: Russell Hancox <russell@hancox.us>
Date: Wed, 29 May 2024 22:35:27 -0400
Subject: [PATCH 1/2] docs: Document new EventDetailURL keys

---
 docs/deployment/configuration.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/deployment/configuration.md b/docs/deployment/configuration.md
index c4c4a9765..ca5b2e1fc 100644
--- a/docs/deployment/configuration.md
+++ b/docs/deployment/configuration.md
@@ -106,6 +106,10 @@ them to. The following sequences will be replaced in the final URL:
 | %file_identifier%              | SHA-256 of the file that was blocked                                           |
 | %bundle\_or\_file\_identifier% | SHA-256 of the file that was blocked or the bundle containing it, if available |
 | %file_sha%                     | Deprecated, acts like bundle\_or\_file\_identifier                             |
+| %file\_bundle\_id%             | The bundle ID that this binary is part of, if any.
+| %team\_id%                     | The team ID that signed this binary, if any.
+| %signing\_id%                  | The signing ID of this binary, if any.
+| %cdhash%                       | The binary's CDHash, if any.
 | %machine\_id%                  | ID of the machine                                                              |
 | %username%                     | The executing user                                                             |
 | %serial%                       | System's serial number                                                         |

From 90a00dd4910becf9a545edfe8de382e8564b651f Mon Sep 17 00:00:00 2001
From: Russell Hancox <russell@hancox.us>
Date: Thu, 30 May 2024 10:16:05 -0400
Subject: [PATCH 2/2] Update custom_url example link

---
 docs/development/sync-protocol.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/development/sync-protocol.md b/docs/development/sync-protocol.md
index 6ae80b711..b8a77c6e0 100644
--- a/docs/development/sync-protocol.md
+++ b/docs/development/sync-protocol.md
@@ -390,7 +390,7 @@ downloading if the rules need to be downloaded in multiple batches.
 | policy | YES | string | Identifies the action to perform in response to the rule matching (must be one of the examples) | "ALLOWLIST","ALLOWLIST_COMPILER", "BLOCKLIST", "REMOVE",  "SILENT_BLOCKLIST" |
 | rule\_type | YES | string | Identifies the type of rule (must be one of the examples) | "BINARY", "CERTIFICATE", "SIGNINGID", "TEAMID", "CDHASH"  |
 | custom\_msg | NO | string | A custom message to display when the rule matches | "Hello" |
-| custom\_url | NO | string | A custom URL to use for the open button when the rule matches | http://lmgtfy.app/?q=dont+download+malware |
+| custom\_url | NO | string | A custom URL to use for the open button when the rule matches | http://example.com |
 | creation\_time | NO | float64 | Time the rule was created | 1573543803.349378 |
 | file\_bundle\_binary\_count | NO | integer | The number of binaries in a bundle | 13 |
 | file\_bundle\_hash | NO | string | The SHA256 of all binaries in a bundle | "7466e3687f540bcb7792c6d14d5a186667dbe18a85021857b42effe9f0370805" |