oisf/suricata — reverse-engineered prompt

Reverse-engineered prompt


Build me a Suricata-style network security tool that can watch network traffic, inspect packet captures, and alert when it sees suspicious behavior. I want it to work as an IDS for passive monitoring, have an IPS mode that blocks traffic when configured to, and also be useful for general network security monitoring.

It should have a clear command line workflow, a main configuration file, a place to keep detection rules, and useful logs that security people can read later. Include examples for running it on a live network interface and against a saved pcap file. Please also include a simple way to update or manage rules, basic tests, and documentation for installing, configuring, and contributing.

Keep the first version practical and reliable rather than flashy. Since this handles untrusted traffic, pay attention to safety, crashes, and clear error handling. Look up the current Suricata docs online if you need guidance.
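To make the requirements above concrete, here is an added example of the detection core such a tool needs: a rule loader, a bounds-checked IPv4/TCP decoder, an inspect step that returns an IDS alert or an IPS drop verdict, and an EVE-style JSON log line. This is illustrative code written for this page, not code from the Suricata project; it assumes a deliberately tiny rule subset (TCP only, one plain `content` match, `any` or literal addresses and ports) and raw IPv4 packets with no link-layer header. The rules and packets it runs on are constructed for the example.

```python
"""Minimal Suricata-style detection core: rules -> decoder -> alerts/verdicts.

Added example, not code from the Suricata project. Assumes a tiny rule subset
(tcp only, one content match, 'any' or literal addresses/ports) and raw
IPv4/TCP packets without a link-layer header. Sample data is constructed.
"""
import json
import re
import struct
from dataclasses import dataclass

RULE_RE = re.compile(
    r"^(?P<action>alert|drop)\s+tcp\s+(?P<src>\S+)\s+(?P<sport>\S+)\s*->\s*"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


@dataclass(frozen=True)
class Rule:
    action: str   # "alert" only logs; "drop" also blocks when the engine runs in IPS mode
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    content: bytes


class MalformedPacket(ValueError):
    """Decode failure on untrusted input; surfaced as an event, never as a crash."""


def parse_rule(line):
    """Parse one rule line; reject anything outside the supported subset loudly."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    opts = dict(re.findall(r'(\w+):"([^"]*)"', m.group("opts")))
    if "msg" not in opts or "content" not in opts:
        raise ValueError(f"rule needs msg and content: {line!r}")
    for port in (m.group("sport"), m.group("dport")):
        if port != "any" and not 0 <= int(port) <= 65535:
            raise ValueError(f"bad port in rule: {line!r}")
    return Rule(m.group("action"), m.group("src"), m.group("sport"),
                m.group("dst"), m.group("dport"), opts["msg"], opts["content"].encode())


def load_rules(text):
    """Parse a rules file; blank lines and '#' comments are ignored."""
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def decode_ipv4_tcp(pkt):
    """Return (src, dst, sport, dport, payload), checking every length field first."""
    if len(pkt) < 20:
        raise MalformedPacket("IPv4 header truncated")
    if pkt[0] >> 4 != 4:
        raise MalformedPacket("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise MalformedPacket("IPv4 length fields inconsistent with buffer")
    if pkt[9] != 6:
        raise MalformedPacket("not TCP")
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    tcp = pkt[ihl:total_len]          # bytes past total_len are ignored, not trusted
    if len(tcp) < 20:
        raise MalformedPacket("TCP header truncated")
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or doff > len(tcp):
        raise MalformedPacket("TCP data offset out of range")
    return src, dst, sport, dport, tcp[doff:]


def _port_ok(rule_port, port):
    return rule_port == "any" or int(rule_port) == port


def inspect(pkt, rules, ips_mode=False):
    """Return (verdict, alerts); verdict is 'pass' or 'drop', and 'drop' only in IPS mode."""
    alerts = []
    try:
        src, dst, sport, dport, payload = decode_ipv4_tcp(pkt)
    except MalformedPacket as e:
        alerts.append({"action": "alert", "msg": f"decode error: {e}", "len": len(pkt)})
        return ("drop" if ips_mode else "pass"), alerts   # fail closed only when blocking is on
    verdict = "pass"
    for r in rules:
        if (r.src != "any" and r.src != src) or (r.dst != "any" and r.dst != dst):
            continue
        if not (_port_ok(r.sport, sport) and _port_ok(r.dport, dport)):
            continue
        if r.content not in payload:
            continue
        alerts.append({"action": r.action, "msg": r.msg, "src": src, "sport": sport,
                       "dst": dst, "dport": dport})
        if r.action == "drop" and ips_mode:
            verdict = "drop"
    return verdict, alerts


def eve_line(alert):
    """One JSON record per line, in the spirit of Suricata's EVE log."""
    return json.dumps({"event_type": "alert", **alert}, sort_keys=True)


def build_packet(src, dst, sport, dport, payload):
    """Constructed IPv4/TCP packet (checksums zeroed) so the example runs offline."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


SAMPLE_RULES = load_rules("""
# constructed sample rules in a simplified Suricata-like syntax
alert tcp any any -> any 80 (msg:"HTTP request for suspicious path"; content:"GET /evil";)
drop tcp 10.0.0.1 23 -> any any (msg:"Telnet login prompt from jump host"; content:"login:";)
""")

if __name__ == "__main__":
    for pkt, ips in [
        (build_packet("10.0.0.5", "10.0.0.9", 40000, 80, b"GET /evil HTTP/1.1\r\n"), False),
        (build_packet("10.0.0.1", "10.0.0.9", 23, 51000, b"login: "), True),
        (b"\x45\x00\x00", True),   # truncated garbage must produce an event, not a traceback
    ]:
        verdict, alerts = inspect(pkt, SAMPLE_RULES, ips_mode=ips)
        print(verdict, *[eve_line(a) for a in alerts])
```

The design choice worth noting is how decode errors are handled: they are logged as their own event so an analyst can see malformed traffic, and they only turn into a drop when the operator has enabled IPS mode, which keeps passive IDS deployments from silently discarding anything.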
