Merge pull request #730 in SNORT/snort3 from sdf-doc to master

Squashed commit of the following:

commit 8944a32cad0a92c79c3b7ff2a546c8b55880316c
Author: Victor Roemer <viroemer@cisco.com>
Date:   Wed Nov 30 10:50:26 2016 -0500

    SDF-Doc take 2

diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
index 3822976e0eb7e123874b9c3f0f149c60716fa459..9584239ecb1228a516cee865e2d0f2935ea638c9 100644 (file)
--- a/doc/CMakeLists.txt
+++ b/doc/CMakeLists.txt
@@ -36,8 +36,8 @@ set (
     building.txt
     daq.txt
     differences.txt
-    errors.txt
     enviro.txt
+    errors.txt
     extending.txt
     features.txt
     file_processing.txt
@@ -45,14 +45,15 @@ set (
     params.txt
     perf_monitor.txt
     reference.txt
+    sensitive_data.txt
     snort2lua.txt
-    snorty.png
     snort2x.png
     snort3x.png
     snort_manual.html
     snort_manual.pdf
     snort_manual.text
     snort_manual.txt
+    snorty.png
     start.txt
     style.txt
     terms.txt

diff --git a/doc/Makefile.am b/doc/Makefile.am
index 9c74a41e2a804ecf609035b841d66a56695ed71f..c4ff88c3de0a3de072d4c9570d70bd2bdd0e4c4b 100644 (file)
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -38,11 +38,12 @@ overview.txt \
 params.txt \
 perf_monitor.txt \
 reference.txt \
-snort_manual.txt \
+sensitive_data.txt \
 snort2lua.txt \
-snorty.png \
 snort2x.png \
 snort3x.png \
+snort_manual.txt \
+snorty.png \
 start.txt \
 style.txt \
 terms.txt \

diff --git a/doc/sensitive_data.txt b/doc/sensitive_data.txt
index 016147c1ef97860d20a25cc1ef04324bf47a4c8f..52c68eb5868f4be8aa9c639eec5e8237c7f885b2 100644 (file)
--- a/doc/sensitive_data.txt
+++ b/doc/sensitive_data.txt
@@ -1,12 +1,8 @@
-=== Overview
-
 The `sd_pattern` IPS option provides detection and filtering of Personally
 Identifiable Information (PII).  This information includes credit card
 numbers, U.S. Social Security numbers, and email addresses.  A rich regular
 expression syntax is available for defining your own PII. 
 
-=== Dependencies
-
 ==== Hyperscan
 
 The `sd_pattern` rule option is powered by the open source Hyperscan
@@ -14,7 +10,7 @@ library from Intel.  It provides a regex grammar which is mostly PCRE
 compatible. To learn more about Hyperscan see
 http://01org.github.io/hyperscan/dev-reference/
 
-=== Syntax 
+==== Syntax 
 
 Snort provides `sd_pattern` as IPS rule option with no additional inspector
 overhead.  The Rule option takes the following syntax.
@@ -51,8 +47,8 @@ regex, '\b' matches a word boundary (whitespace, end of line, non-word
 characters)  and '\w+' matches one or more word characters. '\.' matches
 a literal '.'.
 
-The above pattern would match "a@ourdomain.com", "aa@ourdomain.com" but
-would not match "1@ourdomain.com", "ab12@ourdomain.com" or "@ourdomain.com".
+The above pattern would match "a@ourdomain.com", "aa@ourdomain.com" but would
+not match `1@ourdomain.com` `ab12@ourdomain.com` or `@ourdomain.com`.
 
 Note: This is just an example, this pattern is not suitable to detect many
 correctly formatted emails.
@@ -75,7 +71,7 @@ This example requires 300 matches of the pattern "This is a string literal"
 to qualify as a positive match. That is, if the string only occurred 299x
 in a packet, you will not see an even.
 
-==== Obfuscating Credit Cards and Social Security Numbers
+===== Obfuscating Credit Cards and Social Security Numbers
 
 Snort provides discreet logging for the built in patterns "credit_card",
 "us_social" and "us_social_nodashes". Enabling `output.obfuscate_pii` makes
@@ -87,7 +83,7 @@ patterns. This configuration is disabled by default.
         obfuscate_pii = true
     }
 
-===== Example
+==== Example
 
 A complete Snort IPS rule