Home/Network IDS rules
IDS / IPS

Network IDS rules

52,377 rules · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 52,377
et-open trojan-activity
ET P2P Phatbot Control Connection
sid 2000015 format suricata
et-open attempted-user
ET WEB_SERVER SQL sp_password attempt
sid 2000105 format suricata
et-open attempted-user
ET WEB_SERVER SQL sp_delete_alert attempt
sid 2000106 format suricata
et-open misc-activity
ET POLICY Outbound Multiple Non-SMTP Server Emails
sid 2000328 format suricata
et-open policy-violation
ET P2P ed2k request part
sid 2000332 format suricata
et-open policy-violation
ET P2P ed2k file request answer
sid 2000333 format suricata
et-open policy-violation
ET P2P BitTorrent peer sync
sid 2000334 format suricata
et-open misc-activity
ET INFO IRC Nick change on non-standard port
sid 2000345 format suricata
et-open trojan-activity
ET MALWARE IRC Private message on non-standard port
sid 2000347 format suricata
et-open unusual-client-port-connection
ET POLICY IRC Channel JOIN on non-standard port
sid 2000348 format suricata
et-open non-standard-protocol
ET POLICY IRC DCC file transfer request on non-std port
sid 2000349 format suricata
et-open policy-violation
ET MALWARE IRC DCC chat request on non-standard port
sid 2000350 format suricata
et-open policy-violation
ET MALWARE IRC Channel join on non-standard port
sid 2000351 format suricata
et-open policy-violation
ET MALWARE IRC DNS request on non-standard port
sid 2000352 format suricata
et-open misc-activity
ET CHAT IRC authorization message
sid 2000355 format suricata
et-open policy-violation
ET P2P BitTorrent Traffic
sid 2000357 format suricata
et-open policy-violation
ET P2P BitTorrent Announce
sid 2000369 format suricata
et-open policy-violation
ET POLICY Executable and linking format (ELF) file download
sid 2000418 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access COM1
sid 2000499 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access COM2
sid 2000500 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access COM3
sid 2000501 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access COM4
sid 2000502 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access LPT1
sid 2000503 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access LPT2
sid 2000504 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access LPT3
sid 2000505 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access LPT4
sid 2000506 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access AUX
sid 2000507 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access NULL
sid 2000508 format suricata
et-open misc-attack
ET EXPLOIT Pwdump3e Password Hash Retrieval port 445
sid 2000563 format suricata
et-open misc-attack
ET EXPLOIT Pwdump3e pwservice.exe Access port 445
sid 2000564 format suricata
et-open suspicious-login
ET EXPLOIT Pwdump3e Session Established Reg-Entry port 139
sid 2000565 format suricata
et-open suspicious-login
ET EXPLOIT Pwdump3e Session Established Reg-Entry port 445
sid 2000566 format suricata
et-open misc-attack
ET EXPLOIT Pwdump3e pwservice.exe Access port 139
sid 2000567 format suricata
et-open misc-attack
ET EXPLOIT Pwdump3e Password Hash Retrieval port 139
sid 2000568 format suricata
et-open policy-violation
ET POLICY AOL Webmail Message Send
sid 2000571 format suricata
et-open misc-activity
ET SCAN ICMP PING IPTools
sid 2000575 format suricata
et-open pup-activity
ET ADWARE_PUP Ezula Related User-Agent (mez)
sid 2000586 format suricata
et-open pup-activity
ET ADWARE_PUP Gator/Claria Data Submission
sid 2000596 format suricata
et-open pup-activity
ET ADWARE_PUP Keenvalue Update Engine
sid 2000932 format suricata
et-open pup-activity
ET ADWARE_PUP Casino on Net Reporting Data
sid 2001031 format suricata
et-open policy-violation
ET P2P Morpheus Install
sid 2001035 format suricata
et-open policy-violation
ET P2P Morpheus Install ini Download
sid 2001036 format suricata
et-open policy-violation
ET P2P Morpheus Update Request
sid 2001037 format suricata
et-open misc-activity
ET EXPLOIT NTDump Session Established Reg-Entry port 139
sid 2001052 format suricata
et-open misc-activity
ET EXPLOIT NTDump.exe Service Started port 139
sid 2001053 format suricata
et-open policy-violation
ET P2P Ares traffic
sid 2001059 format suricata
et-open policy-violation
ET P2P Soulseek Filesearch Results
sid 2001187 format suricata
et-open policy-violation
ET P2P Soulseek
sid 2001188 format suricata
et-open misc-activity
ET EXPLOIT libPNG - Possible integer overflow in allocation in png_handle_sPLT
sid 2001195 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHPNuke SQL injection attempt
sid 2001197 format suricata
Showing 1-50 of 52,377
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin