From: jason taylor <jtfas90@gmail.com>
Date: Wed, 20 Sep 2023 20:51:52 +0000 (+0000)
Subject: doc: update ftp keyword doc example rule format
X-Git-Tag: suricata-8.0.0-beta1~1971
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e4077b880365cf447b94dd10781a7754ea778949;p=thirdparty%2Fsuricata.git

doc: update ftp keyword doc example rule format

Signed-off-by: jason taylor <jtfas90@gmail.com>
---

diff --git a/doc/userguide/rules/ftp-keywords.rst b/doc/userguide/rules/ftp-keywords.rst
index 0d25f60312..d934516844 100644
--- a/doc/userguide/rules/ftp-keywords.rst
+++ b/doc/userguide/rules/ftp-keywords.rst
@@ -1,6 +1,8 @@
 FTP/FTP-DATA Keywords
 =====================
 
+.. role:: example-rule-options
+
 ftpdata_command
 ---------------
 
@@ -12,14 +14,13 @@ Syntax::
 
   ftpdata_command:(retr|stor)
 
-Examples::
-
-  ftpdata_command:retr
-  ftpdata_command:stor
+Signature Example:
 
-Signature example::
+.. container:: example-rule
 
- alert ftp-data any any -> any any (msg:"FTP store password"; filestore; filename:"password"; ftpdata_command:stor; sid:3; rev:1;)
+  alert ftp-data any any -> any any (msg:"FTP store password"; \
+  filestore; filename:"password"; \
+  :example-rule-options:`ftpdata_command:stor;` sid:3; rev:1;)
 
 ftpbounce
 ---------
@@ -35,9 +36,12 @@ file.name
 
 The ``file.name`` keyword can be used at the FTP application level.
 
-Example::
+Signature Example:
+
+.. container:: example-rule
 
-alert ftp-data any any -> any any (msg:"ftp layer file.name keyword usage"; \
-file.name; content:"file.txt"; classtype:bad-unknown; sid:1; rev:1;)
+  alert ftp-data any any -> any any (msg:"FTP file.name usage"; \
+  :example-rule-options:`file.name; content:"file.txt";` \
+  classtype:bad-unknown; sid:1; rev:1;)
 
 For additional information on the ``file.name`` keyword, see :doc:`file-keywords`.
\ No newline at end of file