Home/Network IDS rules
IDS / IPS

Network IDS rules

127 rules · linked to T1614 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 127
et-open external-ip-check
ET POLICY External IP Lookup (api .ipstack .com)
sid 2029694 format suricata
et-open policy-violation
ET POLICY External IP Lookup (moanmyip .com)
sid 2030126 format suricata
et-open policy-violation
ET POLICY External IP Lookup (ipchicken .com)
sid 2030137 format suricata
et-open external-ip-check
ET POLICY External IP Lookup (www. netikus .net)
sid 2030187 format suricata
et-open external-ip-check
ET POLICY External IP Lookup SSL/TLS Certificate (ifconfig .me)
sid 2030666 format suricata
et-open external-ip-check
ET POLICY Known External IP Lookup Service Domain in SNI
sid 2031616 format suricata
et-open bad-unknown
ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
sid 2033214 format suricata
et-open policy-violation
ET POLICY External IP Lookup via 3322 .org
sid 2033630 format suricata
et-open bad-unknown
ET INFO External IP Lookup Domain DNS Lookup (my-ip .io)
sid 2034196 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain DNS Lookup (ip .dnsexit .com)
sid 2034898 format suricata
et-open misc-activity
ET INFO External IP Lookup HTTP Request (ip .dnsexit .com)
sid 2034899 format suricata
et-open misc-activity
ET INFO Observed External IP Lookup Domain (geoiplookup .io in TLS SNI)
sid 2035114 format suricata
et-open external-ip-check
ET MALWARE TA402/Molerats External IP Lookup Activity
sid 2035121 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (icanhazip .com in TLS SNI)
sid 2036304 format suricata
et-open bad-unknown
ET INFO External IP Lookup Domain Domain in DNS Lookup (ipbase .com)
sid 2036560 format suricata
et-open bad-unknown
ET INFO Observed External IP Lookup Domain (ipbase .com in TLS SNI)
sid 2036561 format suricata
et-open bad-unknown
ET INFO External IP Lookup Domain in DNS Lookup (ip .bablosoft .com)
sid 2036685 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup)
sid 2036860 format suricata
et-open bad-unknown
ET INFO External IP Lookup Domain in DNS Lookup (ipwho .is)
sid 2037042 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain (ip-api .io) in DNS Lookup
sid 2039045 format suricata
et-open external-ip-check
ET POLICY External IP Lookup (ip .anysrc .net)
sid 2039563 format suricata
et-open bad-unknown
ET INFO External IP Lookup (keycdn .com)
sid 2039772 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com)
sid 2042969 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)
sid 2043238 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ip .cn in TLS SNI)
sid 2047080 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ip .me in TLS SNI)
sid 2047082 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (whois .pconline .com .cn in TLS SNI)
sid 2047622 format suricata
et-open misc-activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
sid 2047702 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)
sid 2047718 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)
sid 2047719 format suricata
et-open misc-activity
ET INFO External IP Lookup Domain in DNS Lookup (geolocation-db .com)
sid 2048377 format suricata
et-open misc-activity
ET INFO External IP Lookup Domain (geolocation-db .com) in TLS SNI
sid 2048378 format suricata
et-open misc-activity
ET INFO Observed External IP Lookup Domain (ufile .io in TLS SNI)
sid 2049262 format suricata
et-open misc-activity
ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
sid 2050281 format suricata
et-open misc-activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
sid 2050282 format suricata
et-open misc-activity
ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI
sid 2051431 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (ipecho .net)
sid 2054135 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (whatismyip .akamai .com)
sid 2054136 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (ifconfig .io)
sid 2054137 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (ipcalf .com)
sid 2054138 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (tnx .nl)
sid 2054139 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (checkip .amazonaws .com)
sid 2054140 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)
sid 2054141 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (ip .liquidweb .com)
sid 2054142 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (ipaddress .sh)
sid 2054143 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (ipaddr .site)
sid 2054144 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (ip .tyk .nu)
sid 2054145 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (ifconfig .co)
sid 2054146 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (wgetip .com)
sid 2054147 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (echoip .de)
sid 2054148 format suricata
Showing 51-100 of 127
Prev 2 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin