There are currently the following rulesets available:
Free Rulesets
Note: In Core Update 185 the PT Attack Detection ruleset has been removed as it has not been updated for some years.
Emerging Threats Community Ruleset
These are free, community-maintained rules (further information) covering scanning activity, attack patterns against various protocols, blacklists and more. No registration is required to use these rules.
Talos ruleset for registered users
These rules are usually more than 30 days old and can be used for free. Registration is required. Usually, the quality of these rules is a bit better than that of the Emergingthreats.net Community Rules.
Snort/VRT GPLv2 Community
These are free, GPL-licensed Snort rules. Usually, the quality is good. According to the Snort blog (2013), no registration is required.
Etnetera Aggressive Blacklist Rules
No information available on the Etnetera Website about this blacklist, what it targets or what the term Aggressive means in this context.
The list appears to be getting updated regularly.
OISF Traffic ID Rules
No information is available on the OISF website about this ruleset. The GitHub site says that these are Suricata rules for identifying and classifying traffic.
The list was last updated in Nov 2022.
It is not clear whether this type of ruleset requires regular updates, as it is trying to identify traffic related to Instagram, Skype, Snapchat, Facebook, APT-GET etc.
Travis Green - Hunting Rules
Suricata IDS alert rules for network anomaly detection. These rules are not performance focused.
This ruleset is being regularly updated.
Threatfox Indicators of Compromise Rules
ThreatFox is a project operated by abuse.ch. Its purpose is to collect and share indicators of compromise (IOCs), helping IT security researchers and threat analysts protect their constituency and customers from cyber threats.
As these are "indicators of compromise" there is a potential for false positives.
Test out in monitoring mode first to evaluate the false positive performance rate for your requirements.
This ruleset is being regularly updated.
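A way to carry out that monitoring-mode evaluation, as an added example that is not part of this wiki page: tally Suricata's EVE JSON alert log by signature so the noisiest rules (and how many internal hosts trigger them) can be reviewed before an IOC-based ruleset is switched to blocking. The log lines below are constructed samples in Suricata's EVE format; the signature ids and names are invented placeholders.

```python
import json

# Constructed sample EVE log: three "alert" records and one "flow" record.
# Signature ids/names are placeholders, not real ET or ThreatFox rules.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.7","alert":{"signature_id":2000001,"signature":"ET INFO Example informational","category":"Not Suspicious Traffic","severity":3}}
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.7"}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"203.0.113.7","alert":{"signature_id":2000001,"signature":"ET INFO Example informational","category":"Not Suspicious Traffic","severity":3}}
{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"198.51.100.9","alert":{"signature_id":9000001,"signature":"IOC example rule","category":"A Network Trojan was detected","severity":1}}
"""


def summarize_alerts(eve_text):
    """Return {sid: {"signature", "count", "src_ips", "dest_ips"}} for alert events only."""
    stats = {}
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a truncated/corrupt line instead of aborting the whole run
        if ev.get("event_type") != "alert":
            continue  # flow, dns, tls etc. records are not relevant here
        a = ev["alert"]
        entry = stats.setdefault(
            a["signature_id"],
            {"signature": a["signature"], "count": 0, "src_ips": set(), "dest_ips": set()},
        )
        entry["count"] += 1
        entry["src_ips"].add(ev.get("src_ip"))
        entry["dest_ips"].add(ev.get("dest_ip"))
    return stats


def noisiest(stats, top=10):
    """Signatures by hit count; a rule firing across many internal hosts is a false-positive candidate."""
    return sorted(stats.items(), key=lambda kv: kv[1]["count"], reverse=True)[:top]


if __name__ == "__main__":
    # In practice read /var/log/suricata/eve.json (path is the Suricata default, adjust as needed).
    for sid, s in noisiest(summarize_alerts(SAMPLE_EVE)):
        print(f"{sid}\t{s['count']:>5} hits\t{len(s['src_ips'])} src\t{s['signature']}")
```

Review the top entries against what those hosts actually do; a rule that is legitimate for every host that triggers it is a candidate to disable before blocking mode is enabled.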
Abuse.ch SSLBL Blacklist Rules
The Suricata SSL Certificate Ruleset is used to detect and/or block malicious SSL connections in your network, based on the SSL certificate fingerprint.
This ruleset is being regularly updated.
Commercial Rulesets
Note: In Core Update 185 the Secureworks Enhanced, Malware and Security rulesets have been removed as they are no longer available.
Talos ruleset for users with subscription
Same as above, but these are chargeable and more current. They can be useful in production environments where reliable and up-to-date IDS rules are needed.
Emerging Threats Pro (Proofpoint) Ruleset
Emerging Threats Pro is a timely and accurate ruleset for detecting and blocking advanced threats. It is updated daily and covers more than 40 different categories of network behaviour: malware command and control, DoS attacks, botnets, informational events, exploits, vulnerabilities, SCADA network protocols, exploit kit activity, and more.
Which ruleset is right for me?
There is no clear answer to this and it might depend on many circumstances.
Large Company/Organisation
Please consult your security consultants about which ruleset you need. You are quite likely to need a commercial, large and up-to-date ruleset.
Medium-sized Business/Organisation
Consider whether you need a cyber security team; at a minimum, use a commercial ruleset with a large number of rules enabled.
Small Business/Organisation
Consider the consequences of a compromise. If they are serious, either to you or to someone else (don't forget your responsibilities under the GDPR), you should be using the Talos ruleset for users with subscription, otherwise you may get by with either Talos ruleset for registered users or Emerging Threats Community Ruleset.
Home Use
Emerging Threats Community Ruleset
The Emerging Threats Community Ruleset is probably sufficient.
Talos ruleset
You could also use the Talos ruleset for registered users. A policy of Balanced-between-Security-and-Connectivity is probably sufficient.
You could also consider the Talos ruleset for users with subscription, but you should be eligible for the personal use licence, which is much cheaper.