suricata IDS的规则，测试在用的，部分自写的规则视情况放出。 规则如下

• myself.rules 目前没有放出，主要是识别木马
• botcc.rules
• btc.rules
• files.rules
• cobaltstrike.rules
• dnstunnel.rules
• Mining_Behavior_Detection.rules
• Maliciousbehavior.rules
• mysql_general_log_file.rules
• traffic_anomalies.rules
• suspicious.rules
• tor.rules
• web.rules
• empire.rules
• webshell.rules
• metasploit.rules
• http-events.rules # available in suricata sources under rules dir
• smtp-events.rules # available in suricata sources under rules dir
• dns-events.rules # available in suricata sources under rules dir
• tls-events.rules # available in suricata sources under rules dir
• app-layer-events.rules
• decoder-events.rules