The increasing number of connected devices and the complexity of Internet of Things (IoT) ecosystems are demanding new architectures for managing and securing these networked environments. Intrusion Detection Systems (IDS) are security solutions that help to detect and mitigate the threats that IoT systems face, but there is a need for new IDS strategies and architectures. This paper describes a development environment that allows the programming and debugging of distributed, rule-based multi-agent IDS solutions. The proposed solution consists in the integration of a rule engine into the agent, the use of a specialized, wrapping agent class with a graphical user interface for programming and debugging purposes, and a mechanism for the incremental composition of behaviors. A comparative study and an example IDS are used to test and show the suitability and validity of the approach. The JADE multi-agent middleware has been used for the practical implementations.