Home/Network IDS rules
IDS / IPS

Network IDS rules

1,353 rules · linked to T1572 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 1,353
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (o1 .lt)
sid 2043487 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (externalmobiel .lekdijk .online)
sid 2043488 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (secure .onedns .cc)
sid 2043489 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bluemeda .cf)
sid 2043490 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (premiumtier-network .instadart .net)
sid 2043491 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (fra1 .eyecay .xyz)
sid 2043492 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (sink .nolo .ltd)
sid 2043493 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .quentin-stoeckel .fr)
sid 2043494 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (ad .ipsecloud .ru)
sid 2043495 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (ggrbb .xyz)
sid 2043496 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (o .rsaikat .com)
sid 2043497 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .jimirobaer .be)
sid 2043498 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .twtrs .com)
sid 2043499 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .laurenlaufman .com)
sid 2043500 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .silentlybren .com)
sid 2043501 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bin .st)
sid 2043502 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .moonssif .com)
sid 2043503 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dohtrial .att .net)
sid 2043504 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (freedns .controld .com)
sid 2043505 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .aaytorr .com)
sid 2043506 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .chenu .ch)
sid 2043507 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .extrawdw .net)
sid 2043508 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (echoe1yidzu4ioo5 .myfritz .net)
sid 2043509 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (vm .mytm .cc)
sid 2043510 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .nullrecon .com)
sid 2043511 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ryanleek .com)
sid 2043512 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .dutchwhite .nl)
sid 2043513 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (v2 .dionysus .beauty)
sid 2043514 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (n .3363 .net)
sid 2043515 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .clawsucht .nrw)
sid 2043516 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (block .buck .ovh)
sid 2043517 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (osefcorp .duckdns .org)
sid 2043518 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns2 .cbio .top)
sid 2043519 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ipoac .nl)
sid 2043520 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .randomaizer .lentel .ru)
sid 2043521 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (mydns .bielperes .me)
sid 2043522 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (area51 .mywire .org)
sid 2043523 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .frece .de)
sid 2043524 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (sg-dns1 .bancuh .com)
sid 2043525 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (deus-server .duckdns .org)
sid 2043526 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .itdept .pro)
sid 2043527 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (hole .elbschloss .xyz)
sid 2043528 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh-dns .hoover .eu .org)
sid 2043529 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (ag .ssrahul96 .xyz)
sid 2043530 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (lion .dns .qwer .pw)
sid 2043531 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .gando .fr)
sid 2043532 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .ef67daisuki .club)
sid 2043533 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (syd .adfilter .net)
sid 2043534 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (nas1403 .duckdns .org)
sid 2043535 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .thiagoalmeida .ca)
sid 2043536 format suricata
Showing 51-100 of 1,353
Prev 2 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin