git.ipfire.org Git - thirdparty/suricata.git/commitdiff
doc: update http.method keyword
author jason taylor <jtfas90@gmail.com>
Fri, 29 Dec 2023 11:50:02 +0000 (11:50 +0000)
committer Victor Julien <victor@inliniac.net>
Wed, 10 Apr 2024 05:03:07 +0000 (07:03 +0200)
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
doc/userguide/rules/http-keywords.rst

index d3ff6418e0727addf28952a934ad365505df99c5..86d031bf8deb3012e3a0358de408cf8c2fdd3125 100644 (file)
@@ -105,19 +105,32 @@ with relative modifiers.
 http.method
 -----------
 
-With the ``http.method`` sticky buffer, it is possible to match
-specifically and only on the HTTP method buffer. The keyword can be
-used in combination with all previously mentioned content modifiers
-such as: ``depth``, ``distance``, ``offset``, ``nocase`` and ``within``.
+The ``http.method`` keyword matches on the method/verb used in an HTTP request.
+HTTP request methods can be any of the following:
 
-Examples of methods are: **GET**, **POST**, **PUT**, **HEAD**,
-**DELETE**, **TRACE**, **OPTIONS**, **CONNECT** and **PATCH**.
+* GET
+* POST
+* HEAD
+* OPTIONS
+* PUT
+* DELETE
+* TRACE
+* CONNECT
+* PATCH
 
-Example of a method in a HTTP request:
+It is possible to use any of the :doc:`payload-keywords` with the ``http.method`` keyword.
 
+Example HTTP Request::
+
+  GET /index.html HTTP/1.1
+  User-Agent: Mozilla/5.0
+  Host: suricata.io
 
+.. container:: example-rule
 
-Example of the purpose of method:
+  alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"HTTP Request Example"; \
+  flow:established,to_server; :example-rule-options:`http.method; \
+  content:"GET";` classtype:bad-unknown; sid:2; rev:1;)
 
 .. _rules-http-uri-normalization:
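Review bot: The added sentence "HTTP request methods can be any of the following:" at the top of the hunk reads as a closed list, whereas the text it replaces introduced the same nine names with "Examples of methods are". HTTP allows extension methods beyond these nine (WebDAV's PROPFIND, for instance), and unusual methods are often exactly what a rule writer wants to match, so wording such as "Common HTTP request methods include:" would avoid implying that ``http.method`` only ever holds one of the listed values. Separately, the new sentence pointing at :doc:`payload-keywords` replaces the explicit list of ``depth``, ``distance``, ``offset``, ``nocase`` and ``within``; please confirm that page covers all five so the reader loses nothing by following the link.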