Suricata - for dummies

There’s some documentation:

http://docs.nethserver.org/en/v7/suricata.html

http://docs.nethserver.org/projects/nethserver-devel/en/latest/nethserver-suricata.html

http://docs.nethserver.org/projects/nethserver-devel/en/latest/nethserver-evebox.html

https://suricata.readthedocs.io/en/suricata-4.1.2/

The ET TROJAN message seems to be a false positive, see IPS Network Problem

Here are good default settings and, as recommended here, to minimize problems like false positives it’s easier to run the IPS on a NethServer with gateway services (like firewall, proxy, fail2ban for example) only.
