From: Shivani Bhardwaj <shivanib134@gmail.com>
Date: Fri, 28 Jan 2022 12:13:10 +0000 (+0530)
Subject: doc/xbits: clarify noalert usage
X-Git-Tag: suricata-6.0.5~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0e9f42c744b2c849fef4dc6c34f5d18d4fb80aa3;p=thirdparty%2Fsuricata.git

doc/xbits: clarify noalert usage
---

diff --git a/doc/userguide/rules/xbits.rst b/doc/userguide/rules/xbits.rst
index ca48874f9f..9977feb309 100644
--- a/doc/userguide/rules/xbits.rst
+++ b/doc/userguide/rules/xbits.rst
@@ -8,8 +8,7 @@ Syntax::
     xbits:<set|unset|isset|isnotset|toggle>,<name>,track <ip_src|ip_dst|ip_pair>;
     xbits:<set|unset|isset|toggle>,<name>,track <ip_src|ip_dst|ip_pair> \
         [,expire <seconds>];
-    xbits:<set|unset|isset|toggle>,<name>,track <ip_src|ip_dst|ip_pair> \
-        [,expire <seconds>];
+    xbits:nolert;
 
 Notes
 ~~~~~
@@ -21,7 +20,7 @@ Notes
    ``track ip_dst``, if you want to match on the server response,
    you check it (``isset``) with ``track ip_src``.
 
--  To not alert, use ``noalert;``
+-  To not alert, use ``noalert`` as a standalone option to ``xbits`` just like flowbits.
 
 - the ``toggle`` option will flip the value of the xbits.