userguide: update id keyword information

author jason taylor <jtfas90@gmail.com>

Tue, 11 Oct 2022 22:00:21 +0000 (22:00 +0000)

committer Victor Julien <vjulien@oisf.net>

Thu, 10 Nov 2022 13:42:44 +0000 (15:42 +0200)
author jason taylor <jtfas90@gmail.com>
Tue, 11 Oct 2022 22:00:21 +0000 (22:00 +0000)
committer Victor Julien <vjulien@oisf.net>
Thu, 10 Nov 2022 13:42:44 +0000 (15:42 +0200)
diff --git a/doc/userguide/rules/header-keywords.rst b/doc/userguide/rules/header-keywords.rst

index c0e033542a63d73306ed8201c877d8b644b5e46a..2025f0090d58c64cc4be5075d9f23c41cd402979 100644 (file)
--- a/doc/userguide/rules/header-keywords.rst
+++ b/doc/userguide/rules/header-keywords.rst
@@ -159,7 +159,7 @@ Example of id in a rule:
  
  .. container:: example-rule
  
-    alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED F5 BIG-IP 3DNS TCP Probe 1"; :example-rule-emphasis:`id: 1;` dsize: 24; flags: S,12; content:"\|00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\|"; window: 2048; reference:url,www.f5.com/f5products/v9intro/index.html; reference:url,doc.emergingthreats.net/2001609; classtype:misc-activity; sid:2001609; rev:13;)
+    alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"id keyword example"; :example-rule-emphasis:`id:1;` content:"content|3a 20|"; fast_pattern; classtype:misc-activity; sid:12; rev:1;)
  
  geoip
  ^^^^^
author	jason taylor <jtfas90@gmail.com>
	Tue, 11 Oct 2022 22:00:21 +0000 (22:00 +0000)
committer	Victor Julien <vjulien@oisf.net>
	Thu, 10 Nov 2022 13:42:44 +0000 (15:42 +0200)