upstream/suricata
1
0
Fork 0
mirror of https://github.com/OISF/suricata.git synced 2026-06-10 09:21:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
suricata/doc/userguide/rules
History
Shivani Bhardwaj 899eb38691
Some checks failed
builds / Prepare dependencies (push) Has been cancelled
Details
builds / Prepare cbindgen (push) Has been cancelled
Details
CodeQL (Rust/C) / Analyze (push) Has been cancelled
Details
docs / Prepare dependencies (push) Has been cancelled
Details
docs / Prepare cbindgen (push) Has been cancelled
Details
Nix Env Build / tests (push) Has been cancelled
Details
Scan-build / Scan-build (push) Has been cancelled
Details
Scorecards supply-chain security / Scorecards analysis (push) Has been cancelled
Details
builds / AlmaLinux 10 (schema, plugins) (push) Has been cancelled
Details
builds / AlmaLinux 9 (schema, rust-checks) (push) Has been cancelled
Details
builds / AlmaLinux 9 Test Templates (push) Has been cancelled
Details
builds / Build RPMs (push) Has been cancelled
Details
builds / AlmaLinux 8 (push) Has been cancelled
Details
builds / CentOS Stream 9 (push) Has been cancelled
Details
builds / Fedora 44 (Suricata Verify codecov) (push) Has been cancelled
Details
builds / Fedora 44 (clang, debug, asan, wshadow, rust-strict, systemd) (push) Has been cancelled
Details
builds / Fedora 44 (gcc, debug, flto, asan, wshadow, rust-strict) (push) Has been cancelled
Details
builds / Fedora 44 (non-root, debug, clang, asan, wshadow, rust-strict, no-ja) (push) Has been cancelled
Details
builds / AlmaLinux 9 (no jansson) (push) Has been cancelled
Details
builds / AlmaLinux 9 (Minimal/Recommended Build) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (cocci) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (RUSTC+CARGO vars) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (unittests coverage) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (unix socket mode coverage) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (afpacket and dpdk coverage) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (pcap unix socket ASAN) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (afpacket IPS tests in namespaces) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (afpacket and dpdk live tests with ASAN) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (fuzz corpus coverage) (push) Has been cancelled
Details
builds / Ubuntu 20.04 (-DNDEBUG) (push) Has been cancelled
Details
builds / Ubuntu 20.04 (unsupported rust) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (Debug Validation) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (Fuzz) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (Netmap build) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (Minimal/Recommended Build) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (DPDK Build) (push) Has been cancelled
Details
builds / Debian 12 (xdp) (push) Has been cancelled
Details
builds / Debian 13 (xdp) (push) Has been cancelled
Details
builds / Ubuntu 22.04 Dist Builder (push) Has been cancelled
Details
builds / Debian 12 MSRV (push) Has been cancelled
Details
builds / Debian 11 (push) Has been cancelled
Details
builds / MacOS Latest (push) Has been cancelled
Details
builds / FreeBSD 15.0 (push) Has been cancelled
Details
builds / Windows MSYS2 MINGW64 (NPcap) (push) Has been cancelled
Details
builds / Windows MSYS2 MINGW64 (libpcap) (push) Has been cancelled
Details
builds / Windows MSYS2 UCRT64 (libpcap) (push) Has been cancelled
Details
builds / Windows MSYS2 MINGW64 (WinDivert) (push) Has been cancelled
Details
builds / PF_RING (push) Has been cancelled
Details
docs / Ubuntu 22.04 Dist Builder (push) Has been cancelled
Details
flowbits: deprecate toggle command 
toggle command is not used by any major rulesets and increases the state
complexity of flowbits management. Also, all operations can be carried
out with the combination of other available commands. So, remove it.

Task 8595
2026-06-05 12:38:59 +00:00
..
dataset-examples doc: add dataset examples 2023-03-06 08:26:34 +01:00
dns-keywords doc: rename from "sphinx" to "userguide" 2016-09-28 13:11:10 +02:00
fast-pattern doc: rename from "sphinx" to "userguide" 2016-09-28 13:11:10 +02:00
flow-keywords doc: fix spelling in flowbits image 2020-07-15 09:22:50 +02:00
header-keywords doc: Replace images of tables and rules with text in rules docs 2017-12-08 11:32:09 +01:00
http-keywords doc/userguide: update http keywords 2020-11-19 15:00:10 +01:00
intro doc: Replace images of tables and rules with text in rules docs 2017-12-08 11:32:09 +01:00
normalized-buffers doc: rename from "sphinx" to "userguide" 2016-09-28 13:11:10 +02:00
payload-keywords doc/userguide: fix within-distance pointer graphics in payload-keywords doc 2026-02-04 10:47:39 +00:00
pcre doc: Move pcre entirely to Payload Keywords section 2017-12-08 11:32:09 +01:00
rule-types userguide: explain rule types and categorization 2025-01-28 09:32:49 +01:00
app-layer.rst doc/devguide: document app-layer protocol detection 2025-06-27 04:11:47 +02:00
base64-keywords.rst detect: limit base64_decode bytes to 64KiB 2025-03-18 10:49:25 +01:00
bypass-keyword.rst detect/bypass: ban bypass keyword for firewall mode 2026-05-29 15:18:49 +00:00
config.rst doc: move more rules to dedicated css container 2026-04-26 15:21:01 +00:00
datasets.rst doc/userguide: enrichment_key is now context_key 2025-06-11 20:49:18 +02:00
dcerpc-keywords.rst detect/dcerpc: support generic integer for opnum keyword 2026-04-21 07:20:31 +00:00
decode-layer.rst decode/etag: ETag 802.1BR decoder 2025-09-20 09:08:37 +02:00
dhcp-keywords.rst doc: move more examples to container:: example-rule 2026-04-16 05:58:14 +00:00
differences-from-snort.rst doc: move more rules to dedicated css container 2026-04-26 15:21:01 +00:00
dnp3-keywords.rst detect: dnp3.func is now a generic integer 2025-11-07 00:42:35 +00:00
dns-keywords.rst doc: move more rules to dedicated css container 2026-04-26 15:21:01 +00:00
email-keywords.rst detect: add email.body_md5 keyword 2025-09-19 15:32:17 +02:00
enip-keyword.rst enip: convert to rust 2024-06-07 13:54:22 +02:00
fast-pattern-explained.rst doc: remove references to prehistoric versions 2024-01-19 13:02:11 +01:00
file-keywords.rst doc: move more rules to dedicated css container 2026-04-26 15:21:01 +00:00
flow-keywords.rst flowbits: deprecate toggle command 2026-06-05 12:38:59 +00:00
ftp-keywords.rst doc/ftp: Document ftp.completion_code sticky buffer 2025-05-19 21:22:08 +02:00
header-keywords.rst detect: add ether.hdr keyword 2026-03-31 05:34:16 +00:00
http-keywords.rst doc: fix eol content in http rules 2026-04-16 05:58:14 +00:00
http2-keywords.rst detect: http2.errorcode is now a generic integer 2025-10-14 19:40:52 +02:00
ike-keywords.rst detect/ike: move ike.ike.chosen_sa_attribute keyword to rust 2026-02-20 08:06:56 +00:00
index.rst doc: add llmnr 2026-06-02 06:26:10 +00:00
integer-keywords.rst detect/integers: rename index all1 to all 2025-11-04 06:19:31 +00:00
intro.rst doc: do not highlight bad transactional rule 2026-04-16 05:58:14 +00:00
ip-reputation-rules.rst doc: move more rules to dedicated css container 2026-04-26 15:21:01 +00:00
ipaddr.rst doc: add reference to ipaddr in IP matching 2022-10-27 09:44:20 +02:00
ja-keywords.rst doc: move more rules to dedicated css container 2026-04-26 15:21:01 +00:00
kerberos-keywords.rst doc: move more examples to container:: example-rule 2026-04-16 05:58:14 +00:00
ldap-keywords.rst doc: multi-integers section for rules 2025-09-19 15:32:23 +02:00
llmnr-keywords.rst doc: add llmnr 2026-06-02 06:26:10 +00:00
lua-detection.rst doc/lua-detection: fix example script; remove most buffers 2025-08-01 10:54:18 -06:00
mdns-keywords.rst doc: move more rules to dedicated css container 2026-04-26 15:21:01 +00:00
meta.rst doc: fix rules 2026-04-16 05:58:14 +00:00
modbus-keyword.rst doc: spelling mistakes in various sections of the user guide 2018-05-18 09:05:59 +02:00
mqtt-keywords.rst detect/mqtt: reason_code keyword is now a multi-integer 2026-05-11 20:04:44 +00:00
multi-buffer-matching.rst doc: fix rules 2026-04-16 05:58:14 +00:00
nfs-keywords.rst detect/nfs: move nfs_procedure to rust 2025-09-23 10:38:12 +02:00
noalert.rst doc: fix rules 2026-04-16 05:58:14 +00:00
ntp-keywords.rst ntp: convert reference_id to buffer and add keyword 2026-04-16 18:25:15 -06:00
payload-keywords.rst detect: ban replace keyword for firewall mode 2026-05-29 15:18:49 +00:00
pgsql-keywords.rst doc: fix rules 2026-04-16 05:58:14 +00:00
prefilter-keywords.rst doc: move more rules to dedicated css container 2026-04-26 15:21:01 +00:00
quic-keywords.rst doc: add multi buffer support note to keyword docs 2023-07-13 07:05:02 +02:00
rfb-keywords.rst detect/rfb: move keywords to rust 2024-08-07 19:04:33 +02:00
rule-types.rst doc: adjust for master to main rename 2025-09-16 17:20:56 +02:00
rules-internals.rst doc/rules/internals: minor fixes 2025-09-20 09:08:38 +02:00
sdp-keywords.rst doc/sdp: fix doc to match real keywords names 2025-04-04 02:35:15 +02:00
sip-keywords.rst doc: add new sip keywords 2024-09-22 06:45:36 +02:00
smb-keywords.rst doc: fix rules 2026-04-16 05:58:14 +00:00
smtp-keywords.rst doc: move more examples to container:: example-rule 2026-04-16 05:58:14 +00:00
snmp-keywords.rst detect/snmp: add snmp.trap_type keyword 2026-04-16 05:58:16 +00:00
ssh-keywords.rst doc: move more examples to container:: example-rule 2026-04-16 05:58:14 +00:00
tag.rst doc/userguide: add tag keyword page 2023-11-16 21:36:37 +01:00
thresholding.rst detect/detection_filter: add unique_on option 2026-01-27 20:54:44 +00:00
tls-keywords.rst doc: move more examples to container:: example-rule 2026-04-16 05:58:14 +00:00
transforms.rst doc/subslice: Document the subslice transform 2026-04-28 12:18:42 +00:00
vlan-keywords.rst detect: add vlan.layers keyword 2025-01-14 15:22:50 +01:00
websocket-keywords.rst detect/integers: generalize support for bitflags modifier 2025-10-17 18:17:24 +02:00
xbits.rst doc: move more rules to dedicated css container 2026-04-26 15:21:01 +00:00