I got the error message
[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - rule 502021022 mixes keywords with conflicting directions
when I tested the Suricata rule below:
[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert http any any <> any any (msg:"Winstore connection";content:"GET";http_method;content:"blue.php?MNVal=";http_uri;pcre:"/blue.php?MNVal=/U";content:"&FNVal=ConnInfo&DVal=";http_uri;pcre:"/&FNVal=ConnInfo&DVal=/U";content:"200";http_stat_code;classtype:trojan-activity;sid:502021022;"
I found where the error comes from on this page:
Help modifying a signature from 4.18 to 5.03,
I knew the error happened because http_stat_code is a response keyword, and I changed -> to <> (one direction to bidirectional), but I still got the error message. Why did that happen?
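
An added example, not part of the original post: the direction operator (`->` or `<>`) only controls address and port matching, while `http_method` and `http_uri` inspect the request and `http_stat_code` inspects the response, so a single signature that uses both is rejected whichever operator it has. One way to express the same detection is two rules linked by a flowbit; the flowbit name `winstore.req` and the second sid are constructed for illustration.

```suricata
# Rule 1 (request side): match the URI pattern, set a flowbit, raise no alert.
# The two pcre options are dropped: they repeat the content matches, and
# their unescaped "." and "?" are regex metacharacters.
alert http any any -> any any (msg:"Winstore connection - request seen"; flow:established,to_server; content:"GET"; http_method; content:"blue.php?MNVal="; http_uri; content:"&FNVal=ConnInfo&DVal="; http_uri; flowbits:set,winstore.req; flowbits:noalert; classtype:trojan-activity; sid:502021022; rev:2;)

# Rule 2 (response side): alert only when the request rule fired on this flow
# and the server answered 200. The sid below is a constructed placeholder;
# replace it with a free sid from your local range.
alert http any any -> any any (msg:"Winstore connection"; flow:established,to_client; flowbits:isset,winstore.req; content:"200"; http_stat_code; flowbits:unset,winstore.req; classtype:trojan-activity; sid:502021023; rev:1;)
```

Flowbits are tracked per flow rather than per HTTP transaction, which is why the second rule unsets the bit after alerting. Both rules can be checked for parse errors with `suricata -T -c suricata.yaml -S <rules file>` before deployment.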