suricata

Detection engineering works best when the rule reflects a behavior you can explain, not just a string that looked scary once. I use Suricata for network patterns that are specific enough to matter operationally. Rule quality is a maintenance problem a