A guide to creating inverse Suricata IDS rules from Proofpoint Emerging Threats Tor signatures using sed and regex, enabling detection of outbound connections from internal hosts to Tor relays.