userguide: explain rule types and categorization
Add documentation about the rule types introduced by 2696fda.

Add doc tags around code definitions that are referenced in the docs.

Task #https://redmine.openinfosecfoundation.org/issues/7031
jufajardini committed Dec 2, 2024
1 parent bd86563 commit a902f5f
Showing 7 changed files with 1,047 additions and 0 deletions.
2 changes: 2 additions & 0 deletions doc/userguide/configuration/suricata-yaml.rst
@@ -2577,6 +2577,8 @@ Engine analysis and profiling
Suricata offers several ways of analyzing performance of rules and the
engine itself.

.. _config:engine-analysis:

Engine-analysis
~~~~~~~~~~~~~~~

1 change: 1 addition & 0 deletions doc/userguide/rules/index.rst
@@ -4,6 +4,7 @@ Suricata Rules
.. toctree::

intro
rule-types
meta
header-keywords
payload-keywords
@@ -0,0 +1,104 @@
<mxfile host="app.diagrams.net" agent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0" version="24.9.1">
<diagram id="C5RBs43oDa-KdzZeNtuy" name="Page-1">
<mxGraphModel dx="2261" dy="792" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0">
<root>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-0" />
<mxCell id="WIyWlLk6GJQsqaUBKTNV-1" parent="WIyWlLk6GJQsqaUBKTNV-0" />
<mxCell id="WIyWlLk6GJQsqaUBKTNV-4" value="No" style="rounded=0;html=1;jettySize=auto;orthogonalLoop=1;fontSize=16;endArrow=blockThin;endFill=1;endSize=8;strokeWidth=1;shadow=1;labelBackgroundColor=none;edgeStyle=orthogonalEdgeStyle;labelBorderColor=none;textShadow=0;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="WIyWlLk6GJQsqaUBKTNV-6" target="WIyWlLk6GJQsqaUBKTNV-10" edge="1">
<mxGeometry y="20" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-5" value="No" style="edgeStyle=orthogonalEdgeStyle;rounded=0;html=1;jettySize=auto;orthogonalLoop=1;fontSize=16;endArrow=blockThin;endFill=1;endSize=8;strokeWidth=1;shadow=1;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="2s8PCpyst4B-AYq6nZVi-2" target="WIyWlLk6GJQsqaUBKTNV-7" edge="1">
<mxGeometry x="0.0039" y="15" relative="1" as="geometry">
<mxPoint as="offset" />
<mxPoint x="-120" y="220" as="sourcePoint" />
<Array as="points">
<mxPoint x="-120" y="195" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="2s8PCpyst4B-AYq6nZVi-1" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;endArrow=blockThin;endFill=1;fontSize=16;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="WIyWlLk6GJQsqaUBKTNV-6" target="2s8PCpyst4B-AYq6nZVi-2" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="-120" y="200" as="targetPoint" />
<Array as="points">
<mxPoint x="-120" y="360" />
<mxPoint x="-120" y="360" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="YKtqplUdx_BT4Hee0G-G-2" value="Yes" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=16;fontStyle=0" vertex="1" connectable="0" parent="2s8PCpyst4B-AYq6nZVi-1">
<mxGeometry x="-0.05" y="-3" relative="1" as="geometry">
<mxPoint x="17" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-6" value="Is IpOnly" style="rhombus;html=1;shadow=1;fontFamily=Helvetica;fontSize=16;align=center;strokeWidth=1;spacing=5;spacingTop=2;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="-170" y="390" width="100" height="80" as="geometry" />
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-7" value="&lt;span&gt;IP Only&lt;/span&gt;" style="rounded=1;html=1;fontSize=16;glass=0;strokeWidth=1;shadow=1;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="213.5" y="160" width="91" height="70" as="geometry" />
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-8" value="No" style="rounded=0;html=1;jettySize=auto;orthogonalLoop=1;fontSize=16;endArrow=blockThin;endFill=1;endSize=8;strokeWidth=1;shadow=1;labelBackgroundColor=none;edgeStyle=orthogonalEdgeStyle;labelBorderColor=none;textShadow=0;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="WIyWlLk6GJQsqaUBKTNV-10" target="WIyWlLk6GJQsqaUBKTNV-11" edge="1">
<mxGeometry x="0.3333" y="20" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-9" value="Yes" style="edgeStyle=orthogonalEdgeStyle;rounded=0;html=1;jettySize=auto;orthogonalLoop=1;fontSize=16;endArrow=blockThin;endFill=1;endSize=8;strokeWidth=1;shadow=1;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="WIyWlLk6GJQsqaUBKTNV-10" target="WIyWlLk6GJQsqaUBKTNV-12" edge="1">
<mxGeometry x="-0.0769" y="20" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-10" value="Is DEOnly" style="rhombus;html=1;shadow=1;fontFamily=Helvetica;fontSize=16;align=center;strokeWidth=1;spacing=5;spacingTop=2;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry y="390" width="100" height="80" as="geometry" />
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-11" value="Handle &lt;span&gt;&#39;Packet&#39;&lt;/span&gt;, &lt;span&gt;&#39;Stream&#39;&lt;/span&gt;, &#39;&lt;span&gt;AppLayer&#39;&lt;/span&gt; and &lt;span&gt;&#39;AppLayer Transaction&#39;&lt;/span&gt; rule types" style="rounded=1;html=1;fontSize=16;glass=0;strokeWidth=1;shadow=1;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="163.5" y="375" width="191" height="110" as="geometry" />
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-12" value="&lt;span&gt;Decoder Events Only&lt;/span&gt;" style="rounded=1;html=1;fontSize=16;glass=0;strokeWidth=1;shadow=1;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="-30" y="535" width="160" height="55" as="geometry" />
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-0" value="Yes" style="edgeStyle=orthogonalEdgeStyle;rounded=0;html=1;jettySize=auto;orthogonalLoop=1;fontSize=16;endArrow=blockThin;endFill=1;endSize=8;strokeWidth=1;shadow=1;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="3Z0NyFf9CSu-jNyiQ6yW-1" target="3Z0NyFf9CSu-jNyiQ6yW-2" edge="1">
<mxGeometry x="-0.0769" y="20" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-3" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;endArrow=blockThin;endFill=1;fontSize=16;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="3Z0NyFf9CSu-jNyiQ6yW-1" target="WIyWlLk6GJQsqaUBKTNV-6" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-4" value="No" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=16;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="3Z0NyFf9CSu-jNyiQ6yW-3" vertex="1" connectable="0">
<mxGeometry x="-0.1667" relative="1" as="geometry">
<mxPoint y="-20" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-1" value="Is IPDOnly" style="rhombus;html=1;shadow=1;fontFamily=Helvetica;fontSize=16;align=center;strokeWidth=1;spacing=5;spacingTop=2;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="-340" y="390" width="100" height="80" as="geometry" />
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-2" value="&lt;span&gt;Protocol Detection Only&lt;/span&gt;" style="rounded=1;html=1;fontSize=16;glass=0;strokeWidth=1;shadow=1;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="-370" y="535" width="160" height="65" as="geometry" />
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-10" value="&lt;div&gt;&lt;span&gt;Like IP Only&lt;/span&gt;&lt;br&gt;(has negated address(es))&lt;br&gt;&lt;/div&gt;" style="rounded=1;html=1;fontSize=16;glass=0;strokeWidth=1;shadow=1;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="183.5" y="260" width="151" height="70" as="geometry" />
</mxCell>
<mxCell id="2s8PCpyst4B-AYq6nZVi-3" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;endArrow=blockThin;endFill=1;fontSize=16;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="2s8PCpyst4B-AYq6nZVi-2" target="3Z0NyFf9CSu-jNyiQ6yW-10" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points" />
</mxGeometry>
</mxCell>
<mxCell id="2s8PCpyst4B-AYq6nZVi-4" value="&lt;div&gt;Yes&lt;br&gt;&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=16;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="2s8PCpyst4B-AYq6nZVi-3" vertex="1" connectable="0">
<mxGeometry x="-0.4" relative="1" as="geometry">
<mxPoint y="-20" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="2s8PCpyst4B-AYq6nZVi-2" value="&lt;div&gt;Contains&lt;/div&gt;&lt;div&gt;Negated&lt;/div&gt;&lt;div&gt;Address?&lt;/div&gt;" style="rhombus;html=1;fontSize=16;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="-190" y="240" width="140" height="110" as="geometry" />
</mxCell>
<mxCell id="YKtqplUdx_BT4Hee0G-G-1" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;endArrow=blockThin;endFill=1;fontSize=16;shadow=1;fontStyle=0" edge="1" parent="WIyWlLk6GJQsqaUBKTNV-1" source="YKtqplUdx_BT4Hee0G-G-0" target="3Z0NyFf9CSu-jNyiQ6yW-1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="YKtqplUdx_BT4Hee0G-G-0" value="Signature" style="shape=parallelogram;html=1;strokeWidth=1;perimeter=parallelogramPerimeter;whiteSpace=wrap;rounded=1;arcSize=12;size=0.23;fontSize=16;shadow=1;fontStyle=0" vertex="1" parent="WIyWlLk6GJQsqaUBKTNV-1">
<mxGeometry x="-345" y="230" width="110" height="60" as="geometry" />
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>