From: jason taylor Date: Fri, 3 Jun 2022 19:48:00 +0000 (+0000) Subject: doc: minor example rule description update X-Git-Tag: suricata-7.0.0-beta1~402 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76cca8b08ab7babc2ecfb50afc74a296ec456cda;p=thirdparty%2Fsuricata.git doc: minor example rule description update Signed-off-by: jason taylor --- diff --git a/doc/userguide/rules/intro.rst b/doc/userguide/rules/intro.rst index 289ff27776..ac5fe627d3 100644 --- a/doc/userguide/rules/intro.rst +++ b/doc/userguide/rules/intro.rst @@ -105,8 +105,8 @@ you can pick from. These are: The availability of these protocols depends on whether the protocol is enabled in the configuration file, suricata.yaml. -If you have a signature with, for instance 'http' protocol, Suricata -makes sure the signature will only match if the tcp stream contains http traffic. +If you have a signature with the protocol declared as 'http', Suricata makes +sure the signature will only match if the TCP stream contains http traffic. Source and destination ---------------------- @@ -114,9 +114,9 @@ Source and destination alert http :example-rule-emphasis:`$HOME_NET` any -> :example-rule-emphasis:`$EXTERNAL_NET` any (msg:"HTTP GET Request Containing Rule in URI"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"rule"; fast_pattern; classtype:bad-unknown; sid:123; rev:1;) -*The first emphasized part is the source, the second is the destination (note the direction of the directional arrow).* +*The first emphasized part is the traffic source, the second is the traffic destination (note the direction of the directional arrow).* -With source and destination, you specify the source of the traffic and the +With the source and destination, you specify the source of the traffic and the destination of the traffic, respectively. You can assign IP addresses, (both IPv4 and IPv6 are supported) and IP ranges. These can be combined with operators:
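Review bot: In the `@@ -105,8 +105,8 @@` hunk, the new sentence capitalizes "TCP" but leaves "http traffic" in lowercase, so the prose now mixes two conventions in one sentence. Keep the quoted 'http' as it is, since that is the protocol keyword written in the rule header, and write "HTTP traffic" where the sentence refers to the protocol itself: "sure the signature will only match if the TCP stream contains HTTP traffic."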
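Review bot: In the `@@ -114,9 +114,9 @@` hunk, the reworded sentence "With the source and destination, you specify the source of the traffic and the destination of the traffic, respectively" is still circular: adding "the" does not tell the reader anything the field names do not already say. Consider stating what the fields hold, for example that the first field is the address or network the traffic comes from and the second is where it is going, which would also let the emphasized caption drop the redundant "direction of the directional arrow". While touching this paragraph, the unchanged context line "You can assign IP addresses, (both IPv4 and IPv6 are supported) and IP ranges." has a stray comma before the parenthesis that could be fixed in the same commit.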