From f83c67bbb58d74fbe59a707ddc4558a20fbe213e Mon Sep 17 00:00:00 2001
From: Juliana Fajardini <jufajardini@oisf.net>
Date: Wed, 7 Jun 2023 16:13:24 -0300
Subject: [PATCH] doc: add missing rule to engine-analysis section

The first report didn't have an example rule to go with.
---
 doc/userguide/configuration/suricata-yaml.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index e66b35cda87d..c63f5c878d7f 100644
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -2474,6 +2474,8 @@ Example:
   [10703] 26/11/2010 -- 11:41:15 - (detect.c:560) <Info> (SigLoadSignatures)
   -- Engine-Analysis for fast_pattern printed to file - /var/log/suricata/rules_fast_pattern.txt
 
+  alert tcp any any -> any any (content:"Volume Serial Number"; sid:1292;)
+
   == Sid: 1292 ==
   Fast pattern matcher: content
   Fast pattern set: no