From: Eric Leblond <eric@regit.org>
Date: Mon, 18 Jan 2021 22:41:55 +0000 (+0100)
Subject: doc: document dataset-lookup
X-Git-Tag: suricata-7.0.0-rc1~469
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a1a22cccd27cb215b60a49bd9a02cf588e35817c;p=thirdparty%2Fsuricata.git

doc: document dataset-lookup

Ticket: #5184
---

diff --git a/doc/userguide/rules/datasets.rst b/doc/userguide/rules/datasets.rst
index 232b59c698..6065e1a2bd 100644
--- a/doc/userguide/rules/datasets.rst
+++ b/doc/userguide/rules/datasets.rst
@@ -184,6 +184,26 @@ set name
 type
   Data type: string, md5, sha256
 
+dataset-lookup
+~~~~~~~~~~~~~~
+
+Unix Socket command to test if data is in a set. 
+
+Syntax::
+
+    dataset-lookup <set name> <set type> <data>
+
+set name
+  Name of an already defined dataset
+type
+  Data type: string, md5, sha256
+data
+  Data to test in serialized form (base64 for string, hex notation for md5/sha256)
+
+Example testing if 'google.com' is in the set 'myset'::
+
+    dataset-lookup myset string Z29vZ2xlLmNvbQ==
+
 dataset-dump
 ~~~~~~~~~~~~