Cybersecurity is a primary issue in the development of smarter grid systems. Smart grid systems use a number of application protocols to implement their devices and services, and the information carried in these protocols is useful for intrusion detection, which is one of the major security solutions. Intrusion detection based on stateful analysis monitors network and system behaviours and keeps track of them in order to make detection decisions. In smart grid systems, monitoring these behaviours requires expert knowledge and tailoring for particular application protocols. In this paper, we present a framework for smart grid intrusion detection that allows stateful analysis methods to define their stateful rules, which can be run on an open source network intrusion detection system, Suricata, to carry out the stateful analysis. A stateful rule defines a particular state of smart grid devices and is examined against incoming network traffic to find any match. We also develop an application for IEC 61850 stateful analysis to show how the proposed framework can be implemented and how it works.