Home/Network IDS rules
IDS / IPS

Network IDS rules

81 rules · linked to T1083 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

31 shown of 81
et-open misc-activity
ET HUNTING Outbound POST Request with Zipped Directory Traversal Filename
sid 2038503 format suricata
et-open attempted-admin
ET EXPLOIT QNAP Photo Station Path Traversal Attempt Inbound (CVE-2019-7195)
sid 2038698 format suricata
et-open trojan-activity
ET MALWARE Potential Juniper Path Traversal RCE Attempt (CVE-2022-22245)
sid 2039599 format suricata
et-open web-application-attack
ET EXPLOIT TIBCO JasperReports Directory Traversal Attempt (CVE-2018-18809)
sid 2043228 format suricata
et-open attempted-admin
ET EXPLOIT Sunlogin Sunflower Simplified 1.0.1.43315 Directory Traversal Attempt (CVE-2022-48323)
sid 2044205 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS PaperCut NG/MF Possible Directory Traversal/File Upload Exploit Attempt (CVE-2023-39143)
sid 2047631 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS PaperCut NG/MF Directory Traversal/File Upload Vulnerability Check (CVE-2023-39143)
sid 2047632 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via Path Traversal (CVE-2023-41266)
sid 2048366 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Apache Struts2 uploadFileName Directory Traversal Attempt (CVE-2023-50164) M1
sid 2049667 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Apache Struts2 uploadFileName Directory Traversal Attempt (CVE-2023-50164) M2
sid 2049668 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Apache Struts2 Possible uploadFileName Directory Traversal Attempt (CVE-2023-50164) - uploadFileName Parameter M1
sid 2049669 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Apache Struts2 Possible uploadFileName Directory Traversal Attempt (CVE-2023-50164) - uploadFileName Parameter M2
sid 2049670 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Ivanti Avalanche Directory Traversal Attempt (CVE-2023-41474)
sid 2050604 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Jetbrains TeamCity SwaggerUI REST API Directory Traversal Attempt (CVE-2024-24942)
sid 2050792 format suricata
et-open attempted-user
ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M2 - logging Module Directory Traversal Attempt (CVE-2024-20767)
sid 2053030 format suricata
et-open attempted-recon
ET EXPLOIT HikVision Arbitrary Directory Traversal Attempt
sid 2053704 format suricata
et-open attempted-admin
ET EXPLOIT Splunk Unauthenticated Path Traversal Attempt Inbound (CVE-2024-36991)
sid 2054410 format suricata
et-open web-application-activity
ET WEB_SPECIFIC_APPS Progress WhatsUp Gold Pre-Auth WriteDataFile Directory Traversal RCE (CVE-2024-4883)
sid 2055953 format suricata
et-open attempted-recon
ET WEB_SPECIFIC_APPS SonicWall SMA1000 Directory Traversal Attempt (CVE-2023-0126)
sid 2056308 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS Spring Framework FileSystemResource Path Traversal (CVE-2024-38816)
sid 2056315 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS Mitel Micollab Directory Traversal Attempt (CVE-2020-11798)
sid 2056355 format suricata
et-open attempted-admin
ET EXPLOIT Ivanti Cloud Services Appliance Path Traversal Exploit Attempt (CVE-2024-8963)
sid 2056685 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS Wordpress WPLMS Learning Management System Directory Traversal
sid 2057704 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS Omnissa Workspace One Path Traversal (CVE-2025-25231)
sid 2066456 format suricata
et-open web-application-activity
ET WEB_SPECIFIC_APPS Progress WhatsUp Gold Pre-Auth WriteDataFile Directory Traversal RCE M2 (CVE-2024-4883)
sid 2068883 format suricata
et-open web-application-attack
GPL EXPLOIT unicode directory traversal attempt
sid 2100981 format suricata
et-open web-application-attack
GPL EXPLOIT unicode directory traversal attempt
sid 2100982 format suricata
et-open web-application-attack
GPL EXPLOIT unicode directory traversal attempt
sid 2100983 format suricata
et-open web-application-attack
GPL WEB_SERVER Tomcat directory traversal attempt
sid 2101055 format suricata
et-open protocol-command-decode
GPL FTP LIST directory traversal attempt
sid 2101992 format suricata
et-open misc-attack
GPL RPC kcms_server directory traversal attempt
sid 2102007 format suricata
Showing 51-81 of 81
Prev 2 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin