Home/Network IDS rules
IDS / IPS

Network IDS rules

127 rules · linked to T1614 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

27 shown of 127
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (ifconfig .es)
sid 2054149 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ipecho .net) in TLS SNI
sid 2054150 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (whatismyip .akamai .com) in TLS SNI
sid 2054151 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ifconfig .io) in TLS SNI
sid 2054152 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ipcalf .com) in TLS SNI
sid 2054153 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (tnx .nl) in TLS SNI
sid 2054154 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (checkip .amazonaws .com) in TLS SNI
sid 2054155 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ip-api .com) in TLS SNI
sid 2054156 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ip .liquidweb .com) in TLS SNI
sid 2054157 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ipaddress .sh) in TLS SNI
sid 2054158 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ipaddr .site) in TLS SNI
sid 2054159 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ip .tyk .nu) in TLS SNI
sid 2054160 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ifconfig .co) in TLS SNI
sid 2054161 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (wgetip .com) in TLS SNI
sid 2054162 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (echoip .de) in TLS SNI
sid 2054163 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (ifconfig .es) in TLS SNI
sid 2054164 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (2ip .ru)
sid 2054167 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
sid 2054168 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (icanhazip .com)
sid 2054169 format suricata
et-open external-ip-check
ET INFO External IP Lookup Domain in DNS Lookup (whatismyipaddress .com)
sid 2054170 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (curlmyip .net) in TLS SNI
sid 2054171 format suricata
et-open external-ip-check
ET INFO Observed External IP Lookup Domain (eth0 .me) in TLS SNI
sid 2054172 format suricata
et-open misc-activity
ET INFO Observed External IP Lookup Domain in DNS Lookup (myip .wtf)
sid 2056530 format suricata
et-open misc-activity
ET INFO Observed External IP Loopkup Domain (myip .wtf in TLS SNI)
sid 2056531 format suricata
et-open misc-activity
ET INFO External IP Lookup via FreeIpAPI
sid 2060212 format suricata
et-open misc-activity
ET INFO External IP Lookup via GeoLocation-db
sid 2060213 format suricata
et-open misc-activity
ET INFO External IP Lookup via Country .is
sid 2061045 format suricata
Showing 101-127 of 127
Prev 3 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin