doc: add file.name information to smb keyword doc

author jason taylor <jtfas90@gmail.com>

Wed, 20 Sep 2023 20:58:21 +0000 (20:58 +0000)

committer Victor Julien <victor@inliniac.net>

Wed, 6 Dec 2023 14:26:59 +0000 (15:26 +0100)
author jason taylor <jtfas90@gmail.com>
Wed, 20 Sep 2023 20:58:21 +0000 (20:58 +0000)
committer Victor Julien <victor@inliniac.net>
Wed, 6 Dec 2023 14:26:59 +0000 (15:26 +0100)
diff --git a/doc/userguide/rules/smb-keywords.rst b/doc/userguide/rules/smb-keywords.rst

index 02cf190bc794dc67b43b68b4179b74ce20c4f8a3..13133354403dfe74f876a2213e870165e6cf7c72 100644 (file)
--- a/doc/userguide/rules/smb-keywords.rst
+++ b/doc/userguide/rules/smb-keywords.rst
@@ -1,6 +1,8 @@
  SMB Keywords
  ==============
  
+.. role:: example-rule-options
+
  SMB keywords used in both SMB1 and SMB2 protocols.
  
  smb.named_pipe
@@ -58,3 +60,18 @@ Examples::
  ``smb.ntlmssp_domain`` is a 'sticky buffer'.
  
  ``smb.ntlmssp_domain`` can be used as ``fast_pattern``.
+
+file.name
+---------
+
+The ``file.name`` keyword can be used at the SMB application level. 
+
+Signature Example:
+
+.. container:: example-rule
+
+  alert smb any any -> any any (msg:"SMB file.name usage"; \
+  :example-rule-options:`file.name; content:"file.txt";` \
+  classtype:bad-unknown; sid:1; rev:1;)
+
+For additional information on the ``file.name`` keyword, see :doc:`file-keywords`.
+\ No newline at end of file
author	jason taylor <jtfas90@gmail.com>
	Wed, 20 Sep 2023 20:58:21 +0000 (20:58 +0000)
committer	Victor Julien <victor@inliniac.net>
	Wed, 6 Dec 2023 14:26:59 +0000 (15:26 +0100)