Suricata

The concern are these messages

1.

    Fast Pattern "\x0D\x0AHost\x0D\x0AConnection\x0D\x0A" on "" buffer.

     Fast Pattern "ABCD" on "" buffer. 

If so, instead of

""

It think if possible the buffer name whatever that buffer ends to be, for example something like... "tcp payload/udp packet payload".

With https://github.com/OISF/suricata/pull/4409 it looks better

== Sid: 88 ==
alert dns any any -> any any (dns.query; to_md5; to_sha256; content:"ABCD"; sid:88;)
    App layer protocol is dns.
    Rule contains 1 content options, 0 http content options, 0 pcre options, and 0 pcre options with http modifiers.
    Fast Pattern "ABCD" on "dns_query" (with 2 transform(s)) buffer.
    Warning: TCP rule without a flow or flags option.
             -Consider adding flow or flags to improve performance of this rule.

== Sid: 99 ==
alert http any any -> any any (flow:to_server; http_header_names; compress_whitespace; strip_whitespace; content:"|0d 0a|Host|0d 0a|Connection|0d 0a|"; sid:99;)
    App layer protocol is http.
    Rule contains 1 content options, 0 http content options, 0 pcre options, and 0 pcre options with http modifiers.
    Fast Pattern "\x0D\x0AHost\x0D\x0AConnection\x0D\x0A" on "http_header_names" (with 2 transform(s)) buffer.
    Warning: Rule app layer protocol is http, but content options do not have http_* modifiers.
             -Consider adding http content modifiers.
    Warning: TCP rule without a flow or flags option.
             -Consider adding flow or flags to improve performance of this rule.