From: jason taylor Date: Wed, 20 Sep 2023 20:44:36 +0000 (+0000) Subject: doc: add file.name information to ftp keyword doc X-Git-Tag: suricata-8.0.0-beta1~1972 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb1f7575d388234afcf2dd85f67f3da9b8b40dea;p=thirdparty%2Fsuricata.git doc: add file.name information to ftp keyword doc Signed-off-by: jason taylor --- diff --git a/doc/userguide/rules/ftp-keywords.rst b/doc/userguide/rules/ftp-keywords.rst index 068b14e33c..0d25f60312 100644 --- a/doc/userguide/rules/ftp-keywords.rst +++ b/doc/userguide/rules/ftp-keywords.rst @@ -29,3 +29,15 @@ Detect FTP bounce attacks. Syntax:: ftpbounce + +file.name +--------- + +The ``file.name`` keyword can be used at the FTP application level. + +Example:: + +alert ftp-data any any -> any any (msg:"ftp layer file.name keyword usage"; \ +file.name; content:"file.txt"; classtype:bad-unknown; sid:1; rev:1;) + +For additional information on the ``file.name`` keyword, see :doc:`file-keywords`. \ No newline at end of file
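Review bot: In the new ``file.name`` section, the sentence "can be used at the FTP application level" does not line up with the only example, which is written for the ``ftp-data`` rule protocol (``alert ftp-data any any -> any any``) while its msg text says "ftp layer". Name the rule protocol the keyword is intended for in the prose and make the msg agree with it, so a reader knows whether to write ``alert ftp`` or ``alert ftp-data``. The hunk also ends with "\ No newline at end of file"; add a trailing newline to ftp-keywords.rst.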