From 33e490e4fa51739f0103dda24aa0c034bbde04b8 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 2 Mar 2019 12:23:44 +0100 Subject: [PATCH] Titles in Examples --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 1fb739e06..a7eab8067 100644 --- a/README.md +++ b/README.md @@ -151,22 +151,27 @@ optional arguments: ### Examples +#### Single Rule Translation Translate a single rule ``` tools/sigmac -t splunk rules/windows/sysmon/sysmon_susp_image_load.yml ``` +#### Rule Set Translation Translate a whole rule directory and ignore backend errors (`-I`) in rule conversion for the selected backend (`-t splunk`) ``` tools/sigmac -I -t splunk -r rules/windows/sysmon/ ``` +#### Rule Set Translation with Custom Config Apply your own config file (`-c ~/my-elk-winlogbeat.yml`) during conversion, which can contain you custom field and source mappings ``` tools/sigmac -t es-qs -c ~/my-elk-winlogbeat.yml -r rules/windows/sysmon ``` +#### Generic Rule Set Translation Use a config file for `process_creation` rules (`-r rules/windows/process_creation`) that instructs sigmac to create queries for a Sysmon log source (`-c tools/config/generic/sysmon.yml`) and the ElasticSearch target backend (`-t es-qs`) ``` tools/sigmac -t es-qs -c tools/config/generic/sysmon.yml -r rules/windows/process_creation ``` +#### Generic Rule Set Translation with Custom Config Use a config file for a single `process_creation` rule (`./rules/windows/process_creation/win_susp_outlook.yml`) that instructs sigmac to create queries for process creation events generated in the Windows Security Eventlog (`-c tools/config/generic/windows-audit.yml`) and a Splunk target backend (`-t splunk`) ``` tools/sigmac -t splunk -c ~/my-splunk-mapping.yml -c tools/config/generic/windows-audit.yml ./rules/windows/process_creation/win_susp_outlook.yml
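Review bot: under the new `+#### Generic Rule Set Translation with Custom Config` heading, the description still mentions only one config file (`-c tools/config/generic/windows-audit.yml`) while the command passes two, `-c ~/my-splunk-mapping.yml -c tools/config/generic/windows-audit.yml`; now that the heading advertises a custom config, the sentence should say that a personal mapping file is combined with the generic Windows audit config so the reader knows why `-c` appears twice. While touching the neighbouring `+#### Rule Set Translation with Custom Config` heading, the context line right below it reads "which can contain you custom field and source mappings" and should be "your". The five added `####` headings are otherwise at the right level under the existing `### Examples`.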