There are multiple parts to this:

1. Install the Suricata Package

Enter settings to download Snort and ET rules.

Navigate to Services → Suricata → Global Settings.

In Please Choose The Type Of Rules You Wish To Download:

• Install ETOpen Emerging Threats rules: Checked.
• Install ETPro Emerging Threats rules: Not Checked.
• ETPro Subscription Configuration Code: <blank>.
• Install Snort rules: Checked.
• Snort Rules Filename: snortrules-snapshot-29170.tar.gz.
• Snort Oinkmaster Code: Set this to your personal Oinkmaster Code obtained from your snort account page.
• Install Snort GPLv2 Community rules: Checked.
• Hide Deprecated Rules Categories: Not Checked.

In Rules Update Settings:

• Update Interval: 6 Hours.
• Update Start Time: 00:10. The default.
• Live Rule Swap on Update: Checked.
• GeoLite2 DB Update: Checked.
• GeoLite2 DB License Key: Enter your personal MaxMind GeoLite2 DB key.

In General Settings:

• Remove Blocked Hosts Interval: 1 Hour
• Log to System Log: Not Checked.
• Keep Suricata Settings After Deinstall: Checked.

Navigate to Services → Suricata → Updates.

Click Update.

Navigate to Services → Suricata → Interfaces.

Click Add.

In General Settings:

• Enable: Checked.
• Interface: WAN (pppoe0).
• Description: WAN.

In Logging Settings:

• Send Alerts to System Log: Not Checked.
• Enable Stats Collection: Not Checked.
• Enable HTTP Log: Checked.
• Append HTTP Log: Checked.
• Log Extended HTTP Info: Checked.
• Enable TLS Log: Not Checked.
• Enable File-Store: Not Checked.
• Enable Packet Log: Not Checked.

In EVE Output Settings:

• EVE JSON Log: Not Checked.

In Alert and Block Settings:

• Block Offenders: Checked.
• IPS Mode: Legacy Mode.
• Kill States: Checked.
• Which IP to Block: Both.
• Block On DROP Only: Not Checked.

In Performance and Detection Engine Settings:

• Run Mode: AutoFP.
• Max Pending Packets: 1024.
• Detect-Engine Profile: High.
• Pattern Matcher Algorithm: Auto.
• Signature Group Header MPM Context: Auto.
• Inspection Recursion Limit: 3000.
• Delayed Detect: Not Checked.
• Promiscuous Mode: Checked.
• Interface PCAP Snaplen: 1518.

In Networks Suricata Should Inspect and Protect:

• Home Net: default:
• External Net: default.
• Pass List: default.

In Alert Suppression and Filtering:

• Alert Suppression and Filtering: default.

In Arguments here will be automatically inserted into the Suricata configuration:

• Advanced Configuration Pass-Through: <blank>.

Click on WAN Categories.

In Select the rulesets (Categories) Suricata will load at startup:

• Within each Ruleset, click the checkbox against whichever rules to enable.
• Ruleset: ET Open Rules:
  • emerging-attack_response.rules
  • emerging-botcc.portgrouped.rules
  • emerging-botcc.rules
  • emerging-ciarmy.rules
  • emerging-coinminer.rules
  • emerging-compromised.rules
  • emerging-current_events.rules
  • emerging-dos.rules
  • emerging-dshield.rules
  • emerging-exploit.rules
  • emerging-malware.rules
  • emerging-mobile_malware.rules
  • emerging-phishing.rules
  • emerging-scan.rules
  • emerging-worm.rules
• Ruleset: Snort Text Rules:
  • snort_attack-responses.rules
  • snort_backdoor.rules
  • snort_bad-traffic.rules
  • snort_blacklist.rules
  • snort_botnet-cnc.rules
  • snort_ddos.rules
  • snort_dos.rules
  • snort_exploit-kit.rules
  • snort_exploit.rules
  • snort_malware-backdoor.rules
  • snort_malware-cnc.rules
  • snort_malware-other.rules
  • snort_malware-tools.rules
  • snort_phishing-spam.rules
  • snort_policy-spam.rules
  • snort_scan.rules
  • snort_specific-threats.rules
  • snort_spyware-put.rules
  • snort_virus.rules
  • snort_web-attacks.rules

Navigate to Services → Suricata → Pass List.

To suppress certain snort and ET signatures since initially there a bunch of False Positives.

This is accomplished under Services → Suricata → Suppress.

Choose what rule categories to enable:

Navigate to Services → Suricata → Interfaces → WAN Categories.