From: Shivani Bhardwaj <shivanib134@gmail.com>
Date: Sat, 19 Feb 2022 06:33:10 +0000 (+0530)
Subject: doc: add usage of flowbits OR op
X-Git-Tag: suricata-7.0.0-beta1~859
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=015c9fe1e3aebd2a2f01b91d4e5f81d977bbdd9d;p=thirdparty%2Fsuricata.git

doc: add usage of flowbits OR op

Ticket 5130
---

diff --git a/doc/userguide/rules/flow-keywords.rst b/doc/userguide/rules/flow-keywords.rst
index 7a88691879..cec647dc1a 100644
--- a/doc/userguide/rules/flow-keywords.rst
+++ b/doc/userguide/rules/flow-keywords.rst
@@ -53,6 +53,13 @@ will be generated.
 It is possible to use flowbits several times in a rule and combine the
 different functions.
 
+It is also possible to perform an `OR` operation with flowbits with `|` op.
+
+Example::
+  alert http any any -> any any (msg: "User1 or User2 logged in"; content:"login"; flowbits:isset,user1|user2; sid:1;)
+
+This can be used with either `isset` or `isnotset` action.
+
 flow
 ----