Suricata

Some aspects of how Suricata handles signatures can be a black box, not
being documented anywhere other than the source code itself.

Bring the main aspects to our documentation, so both rule writers and developers
can get a baseline understanding of this.