doc: add usage of flowbits OR op

author Shivani Bhardwaj <shivanib134@gmail.com>

Sat, 19 Feb 2022 06:33:10 +0000 (12:03 +0530)

committer Victor Julien <vjulien@oisf.net>

Tue, 22 Feb 2022 19:07:52 +0000 (20:07 +0100)
author Shivani Bhardwaj <shivanib134@gmail.com>
Sat, 19 Feb 2022 06:33:10 +0000 (12:03 +0530)
committer Victor Julien <vjulien@oisf.net>
Tue, 22 Feb 2022 19:07:52 +0000 (20:07 +0100)
diff --git a/doc/userguide/rules/flow-keywords.rst b/doc/userguide/rules/flow-keywords.rst

index 7a886918799490e6684b2f379c1587991c1915c1..cec647dc1a2a4c5e55a53b4d1a1f9dffed8b6685 100644 (file)
--- a/doc/userguide/rules/flow-keywords.rst
+++ b/doc/userguide/rules/flow-keywords.rst
@@ -53,6 +53,13 @@ will be generated.
  It is possible to use flowbits several times in a rule and combine the
  different functions.
  
+It is also possible to perform an `OR` operation with flowbits with `|` op.
+
+Example::
+  alert http any any -> any any (msg: "User1 or User2 logged in"; content:"login"; flowbits:isset,user1|user2; sid:1;)
+
+This can be used with either `isset` or `isnotset` action.
+
  flow
  ----
author	Shivani Bhardwaj <shivanib134@gmail.com>
	Sat, 19 Feb 2022 06:33:10 +0000 (12:03 +0530)
committer	Victor Julien <vjulien@oisf.net>
	Tue, 22 Feb 2022 19:07:52 +0000 (20:07 +0100)