JamesSeems you can push entire blog posts or even novels on this platform with the 11k character limit, wild. Since I have that many characters to use, here are a couple of resources for further understanding Surciata/Snort signatures and some of the common buffers you may come across.
Authored by myself, focused on SSL/TLS signatures - https://justjamesnow.github.io/Suricata-Round-1/
Authored by a co-worker, focused on understanding & using byte_jump effectively - https://community.emergingthreats.net/t/the-complexities-of-byte-jump/111
You can expect similar from this account in the future as well as various IOCs (when possible) and a bunch of free detection stuff.
Signature Dissection - Round 1!
Recently, I was speaking to Forgotten and a couple of others regarding the information and guidance available for truly understanding Snort/Suricata signatures. While documentation and the odd blog post does exist, the more advanced features and lack of context for signatures can become overwhelming rather quickly without guidance. This post aims to dissect Suricata signatures of various difficulties with explanation of how the signature works.