Change capa-rules version in installation guide (#2965)

* Change capa-rules version in installation guide

Updated the installation instructions to reflect the newest version of capa-rules.

* add md files from /doc to bumpversion.toml

* adjust rule installation command

* bump to 9.4.0

.bumpversion.toml

@@ -25,3 +25,18 @@ replace = "v{current_version}...{new_version}"
 filename = "CHANGELOG.md"
 search = "master (unreleased)"
 replace = "v{new_version}"
+
+[[tool.bumpversion.files]]
+filename = "doc/installation.md"
+search = "v{current_version}.zip"
+replace = "v{new_version}.zip"
+
+[[tool.bumpversion.files]]
+filename = "doc/installation.md"
+search = "capa-rules-{current_version}/"
+replace = "capa-rules-{new_version}/"
+
+[[tool.bumpversion.files]]
+filename = "doc/rules.md"
+search = "capa {current_version}"
+replace = "capa {new_version}"

doc/installation.md

@@ -30,9 +30,9 @@ This method is appropriate for integrating capa in an existing project.
 This technique doesn't pull the default rule set. You can obtain rule releases from [capa-rules](https://github.com/mandiant/capa-rules/releases) and pass the directory to the entrypoint using `-r`. In the IDA Pro plugin you need to configure the rules directory path once.
 
 ```console
-$ wget https://github.com/mandiant/capa-rules/archive/refs/tags/v4.0.0.zip
+$ wget https://github.com/mandiant/capa-rules/archive/refs/tags/v9.4.0.zip
-$ unzip v4.0.0.zip
+$ unzip v9.4.0.zip
-$ capa -r /path/to/capa-rules suspicious.exe
+$ capa -r capa-rules-v9.4.0/ suspicious.exe
 ```
 
 This technique also doesn't set up the default library identification [signatures](https://github.com/mandiant/capa/tree/master/sigs). You can pass the signature directory using the `-s` argument.

doc/rules.md

@@ -39,5 +39,5 @@ You can check the version of capa you're currently using like this:
                          
 ```console
 $ capa --version
-capa 3.0.3
+capa 9.4.0
 ```