git.ipfire.org Git - thirdparty/suricata.git/commitdiff
doc: update file.name keyword information
author: jason taylor <jtfas90@gmail.com>
Tue, 6 Feb 2024 17:27:09 +0000 (17:27 +0000)
committer: Victor Julien <victor@inliniac.net>
Wed, 10 Apr 2024 05:03:07 +0000 (07:03 +0200)
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
doc/userguide/rules/http-keywords.rst

index bae60c75f0e0b918f488ab003787d187bdb0f1ff..28c653c86b13244179b5e646fffe0026286a0050 100644 (file)
@@ -1236,11 +1236,21 @@ setting.
 file.name
 ---------
 
-The ``file.name`` keyword can be used at the HTTP application level.
+The ``file.name`` keyword can be used with HTTP requests.
 
-Example::
+It is possible to use any of the :doc:`payload-keywords` with the
+``file.name`` keyword.
+
+Example HTTP Request::
+
+  GET /picture.jpg HTTP/1.1
+  User-Agent: Mozilla/5.0
+  Host: suricata.io
+
+.. container:: example-rule
 
-  alert http any any -> any any (msg:"http layer file.name keyword usage"; \
-  file.name; content:"picture.jpg"; classtype:bad-unknown; sid:1; rev:1;)
+  alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"HTTP file.name Example"; \
+  flow:established,to_client; :example-rule-options:`file.name; \
+  content:"picture.jpg";` classtype:bad-unknown; sid:129; rev:1;)
 
-For additional information on the ``file.name`` keyword, see :doc:`file-keywords`.
\ No newline at end of file
+.. note:: Additional information can be found at :doc:`file-keywords`
\ No newline at end of file
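Review bot: the new intro sentence and the sample disagree with the example rule on direction. The text says ``file.name`` "can be used with HTTP requests" and the sample is a GET request, yet the rule is written `$EXTERNAL_NET any -> $HOME_NET any` with `flow:established,to_client`, which is the response side of the flow. Add a sentence saying in which direction the keyword is evaluated and where the name "picture.jpg" is taken from, or align the rule's direction with the request shown, so a rule writer copying this example knows which traffic it actually matches. Separately, the new final line still ends without a newline at end of file, and the `.. note::` sentence has no closing period; both are easy to fix in the same change.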