Feature #3549
Add MQTT parser
Status: closed
Effort:
Difficulty:
Label: Protocol
Description
It would probably be useful if Suricata had more support for IoT-related protocols, such as MQTT. Zeek has support for that (https://docs.zeek.org/en/current/scripts/policy/protocols/mqtt/main.zeek.html) and it seems to be used in some popular contexts, such as The Things Network.
Both detailed logging (to gather information about communicating parties and publisher/subscriber relationships, potentially allowing anomaly detection to be implemented on top of that) and indicator-based detection (via rules) would be needed to gain visibility into such network activity.
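As an added illustration of what such a parser has to extract for the logging described above (this is not code from Suricata or from this ticket): a minimal Python decoder for the MQTT 3.1.1 CONNECT, SUBSCRIBE and PUBLISH packets of one client-to-broker flow, folded into the client-id/topic relationship record that detailed logging would carry. The packet bytes in `SAMPLE` are constructed for the example.

```python
CONNECT, PUBLISH, SUBSCRIBE = 1, 3, 8  # MQTT 3.1.1 control packet types (high nibble of byte 0)

def _remaining_length(buf, pos):  # 1-4 bytes, 7 data bits each, high bit = continuation
    value, mult = 0, 1
    for _ in range(4):
        b, pos = buf[pos], pos + 1  # IndexError here means a truncated fixed header
        value += (b & 0x7F) * mult
        if not b & 0x80:
            return value, pos
        mult *= 128
    raise ValueError("malformed remaining length")

def _utf8(buf, pos):  # 2-byte big-endian length-prefixed UTF-8 string, bounds-checked
    end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
    if end > len(buf):
        raise ValueError("string runs past end of packet")
    return buf[pos + 2:end].decode("utf-8"), end

def parse_stream(data):  # yield one dict per CONNECT/PUBLISH/SUBSCRIBE in a client->broker stream
    pos = 0
    while pos < len(data):
        ptype, flags = data[pos] >> 4, data[pos] & 0x0F
        rem, start = _remaining_length(data, pos + 1)
        body, pos = data[start:start + rem], start + rem
        if len(body) != rem:
            raise ValueError("truncated packet body")
        if ptype == CONNECT:  # protocol name, level, connect flags, keep-alive, then client id
            _, p = _utf8(body, 0)
            cid, _ = _utf8(body, p + 4)
            yield {"type": "CONNECT", "client_id": cid, "level": body[p]}
        elif ptype == PUBLISH:  # topic, packet id only when QoS > 0, then payload
            topic, p = _utf8(body, 0)
            yield {"type": "PUBLISH", "topic": topic, "qos": (flags >> 1) & 3, "payload": body[p + 2 * bool(flags & 6):]}
        elif ptype == SUBSCRIBE:  # packet id, then (topic filter, requested QoS) pairs
            p, topics = 2, []
            while p < len(body):
                t, p = _utf8(body, p)
                topics.append((t, body[p] & 3)); p += 1
            yield {"type": "SUBSCRIBE", "topics": topics}

def summarize(stream):  # client id plus published/subscribed topics, as a logger would record them
    rec = {"client_id": None, "published": [], "subscribed": []}
    for pkt in parse_stream(stream):
        if pkt["type"] == "CONNECT": rec["client_id"] = pkt["client_id"]
        elif pkt["type"] == "PUBLISH": rec["published"].append(pkt["topic"])
        elif pkt["type"] == "SUBSCRIBE": rec["subscribed"] += [t for t, _ in pkt["topics"]]
    return rec

SAMPLE = (b"\x10\x14\x00\x04MQTT\x04\x02\x00\x3c\x00\x08sensor01"  # constructed: CONNECT "sensor01",
          + b"\x82\x0a\x00\x01\x00\x05cmd/#\x00" + b"\x32\x11\x00\x09home/temp\x00\x0221.5")  # SUB, PUB
```

Rules would then match on the extracted fields (client id, topic, payload) rather than on raw TCP bytes, and the summary record is the kind of per-flow entry an EVE-style log would emit.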