diff --git a/rules/Makefile.am b/rules/Makefile.am
index 785b25b269..73226efb3a 100644
--- a/rules/Makefile.am
+++ b/rules/Makefile.am
@@ -25,6 +25,7 @@ pop3-events.rules \
 quic-events.rules \
 rfb-events.rules \
 sctp-events.rules \
+sip-events.rules \
 smb-events.rules \
 smtp-events.rules \
 snmp-events.rules \
diff --git a/rules/README.md b/rules/README.md
index b4abaf6128..90a266e320 100644
--- a/rules/README.md
+++ b/rules/README.md
@@ -41,4 +41,5 @@ signature IDs.
 | Bittorent| 2243000 | 2243999 |
 | MODBUS | 2250000 | 2250999 |
 | DNP3 | 2270000 | 2270999 |
+| SIP | 2280000 | 2280999 |
 | HTTP2 | 2290000 | 2290999 |
diff --git a/rules/sip-events.rules b/rules/sip-events.rules
new file mode 100644
index 0000000000..351d073866
--- /dev/null
+++ b/rules/sip-events.rules
@@ -0,0 +1,5 @@
+# SIP app layer event rules
+#
+# SID's fall in the 2280000-2280999 range.
+#
+alert sip any any -> any any (msg:"SURICATA SIP invalid data"; app-layer-event:sip.invalid_data; classtype:protocol-command-decode; sid:2280001; rev:1;)
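Review bot: The new rules file covers a single event, `sip.invalid_data`, so any other app-layer event the SIP parser is able to raise has no rule here and a deployment that loads only this file would never see it as an alert; if the parser defines further events, each should get its own rule with the next SID in the 2280000 range, and the header comment could state that the file is expected to list every SIP event. The comment `# SID's fall in the 2280000-2280999 range.` uses a possessive apostrophe for a plural and reads better as `# SIDs fall in the 2280000-2280999 range.`. The SID 2280001 and the range in the header agree with the README row this commit adds; those two places now need to be kept in sync whenever the range changes.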