From: jason taylor Date: Wed, 20 Sep 2023 21:46:04 +0000 (+0000) Subject: doc: add file.name information to smtp keyword doc X-Git-Tag: suricata-8.0.0-beta1~1968 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc81c99b587af6201f57948929e2de13172078c9;p=thirdparty%2Fsuricata.git doc: add file.name information to smtp keyword doc Signed-off-by: jason taylor --- diff --git a/doc/userguide/rules/index.rst b/doc/userguide/rules/index.rst index 2715da79ac..e174c6787b 100644 --- a/doc/userguide/rules/index.rst +++ b/doc/userguide/rules/index.rst @@ -34,6 +34,7 @@ Suricata Rules http2-keywords quic-keywords nfs-keywords + smtp-keywords app-layer xbits thresholding diff --git a/doc/userguide/rules/smtp-keywords.rst b/doc/userguide/rules/smtp-keywords.rst new file mode 100644 index 0000000000..ec91f6fc0c --- /dev/null +++ b/doc/userguide/rules/smtp-keywords.rst @@ -0,0 +1,19 @@ +SMTP Keywords +============= + +.. role:: example-rule-options + +file.name +--------- + +The ``file.name`` keyword can be used at the SMTP application level. + +Signature Example: + +.. container:: example-rule + + alert smtp any any -> any any (msg:"SMTP file.name usage"; \ + :example-rule-options:`file.name; content:"winmail.dat";` \ + classtype:bad-unknown; sid:1; rev:1;) + +For additional information on the ``file.name`` keyword, see :doc:`file-keywords`. \ No newline at end of file
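Review bot: in the new doc/userguide/rules/smtp-keywords.rst, the only description of the keyword is "The ``file.name`` keyword can be used at the SMTP application level.", which does not say what the buffer holds for SMTP traffic. A rule writer has to infer from the `content:"winmail.dat";` example that the match is against the name of a file carried in the mail. Suggest adding one sentence that states what `file.name` inspects in an SMTP transaction and that, as in the example, it is followed by a `content` match. The cross-reference to :doc:`file-keywords` can then stay as the pointer for the remaining details. Separately, the file ends with "\ No newline at end of file" after the :doc:`file-keywords` line; please add the trailing newline.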