Running IDS/IPS on DMZ-PBX

Those that are running Suricata IDS/IPS on your DMZ-PBX, what are some of the rules you choose other than Suricata’s emerging-voip rules or Snort’s protocol-voip and Snort’s subscriber voip rules? Research suggests security problems voip faces are malware, voip phishing, DoS or MITM, etc.

I have a pfSense DMZ-PBX setup and have been using Suricata for about four years on pfSense.

Well, according to: EmergingFAQ < Main < EmergingThreats,
VOIP Rules
A new and emerging ruleset. Small at the moment, but we expect it to grow soon.