Home/Network IDS rules
IDS / IPS

Network IDS rules

206 rules · linked to T1219 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 206
et-open misc-activity
ET INFO Comodo Itarian RMM-related Domain (cmdm .comodo .com) in DNS Lookup
sid 2064012 format suricata
et-open misc-activity
ET INFO Comodo Itarian RMM-related Domain (one-us .comodo .com) in DNS Lookup
sid 2064013 format suricata
et-open misc-activity
ET INFO Comodo Itarian RMM-related Domain (itsm-us1 .comodo .com) in DNS Lookup
sid 2064014 format suricata
et-open misc-activity
ET INFO Observed Comodo ITarian RMM-related Domain (one .comodo .com) in TLS SNI
sid 2064015 format suricata
et-open misc-activity
ET INFO Observed Comodo ITarian RMM-related Domain (cmdm .comodo .com) in TLS SNI
sid 2064016 format suricata
et-open misc-activity
ET INFO Observed Comodo ITarian RMM-related Domain (one-us .comodo .com) in TLS SNI
sid 2064017 format suricata
et-open misc-activity
ET INFO Observed Comodo ITarian RMM-related Domain (itsm-us1 .comodo .com) in TLS SNI
sid 2064018 format suricata
et-open misc-activity
ET INFO Comodo Itarian RMM-related Domain (api .dragonplatform .net) in DNS Lookup
sid 2064102 format suricata
et-open misc-activity
ET INFO Comodo Itarian RMM-related Domain (cescollector .cwatchapi .com) in DNS Lookup
sid 2064103 format suricata
et-open misc-activity
ET INFO Comodo Itarian RMM-related Domain (mdmsupport .comodo .com) in DNS Lookup
sid 2064104 format suricata
et-open misc-activity
ET INFO Observed Comodo ITarian RMM-related Domain (api .dragonplatform .net) in TLS SNI
sid 2064105 format suricata
et-open misc-activity
ET INFO Observed Comodo ITarian RMM-related Domain (cescollector .cwatchapi .com) in TLS SNI
sid 2064106 format suricata
et-open misc-activity
ET INFO Observed Comodo ITarian RMM-related Domain (mdmsupport .comodo .com) in TLS SNI
sid 2064107 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (* .gotohttp .com)
sid 2064286 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI (* .gotohttp .com)
sid 2064287 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (servicedesk .itarian .com)
sid 2064341 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (remoteaccess .itarian .com)
sid 2064342 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI (servicedesk .itarian .com)
sid 2064344 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI (remoteaccess .itarian .com)
sid 2064345 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (online .miradore .com)
sid 2065123 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (gateway .miradore .com)
sid 2065124 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (ejbca .miradore .com)
sid 2065125 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (mdmcontent .miradore .com)
sid 2065126 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (miradore .zendesk .com)
sid 2065127 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (mdnotificationservice .azurewebsites .net)
sid 2065128 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (gerwconline .blob .core .windows .net)
sid 2065129 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI (online .miradore .com)
sid 2065130 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI (gateway .miradore .com)
sid 2065131 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI (ejbca .miradore .com)
sid 2065132 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI (mdmcontent .miradore .com)
sid 2065133 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI (miradore .zendesk .com)
sid 2065134 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI (mdnotificationservice .azurewebsites .net)
sid 2065135 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI (gerwconline .blob .core .windows .net)
sid 2065136 format suricata
et-open command-and-control
ET MALWARE iMonitor EAM CnC Agent Request (*FILEAGENTD*)
sid 2065204 format suricata
et-open command-and-control
ET MALWARE iMonitor EAM CnC Server Response (*TRANSFBEGIN*)
sid 2065205 format suricata
et-open command-and-control
ET MALWARE iMonitor EAM CnC Agent Request (*FILEHEADER*)
sid 2065206 format suricata
et-open command-and-control
ET MALWARE iMonitor EAM CnC Server Response (*TRANSFDATA*)
sid 2065207 format suricata
et-open command-and-control
ET MALWARE iMonitor EAM CnC Agent Request (AGENTCONN)
sid 2065210 format suricata
et-open command-and-control
ET MALWARE iMonitor EAM CnC Server Response (RDPBEEND)
sid 2065212 format suricata
et-open command-and-control
ET MALWARE iMonitor EAM CnC Agent Request (AGENTALARM)
sid 2065213 format suricata
et-open command-and-control
ET MALWARE iMonitor EAM CnC Agent Request (AGENTINFOM)
sid 2065214 format suricata
et-open command-and-control
ET MALWARE iMonitor EAM CnC Server Response (DEVNLOADCLIENT)
sid 2065215 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (gorelo .tech)
sid 2065548 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (gorelo .tech)
sid 2065549 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (gorelo-rmm .azurewebsites .net)
sid 2065550 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (gorelo-rmm .azurewebsites .net)
sid 2065551 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (meshcentral .com)
sid 2065651 format suricata
et-open misc-activity
ET INFO Observed RMM Domain (meshcentral .com in TLS SNI)
sid 2065652 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (itagent .app)
sid 2066615 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (itagent .app)
sid 2066616 format suricata
Showing 51-100 of 206
Prev 2 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin