Home/Network IDS rules
IDS / IPS

Network IDS rules

52,377 rules · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 52,377
et-open misc-activity
ET CHAT IRC PONG response
sid 2002028 format suricata
et-open trojan-activity
ET MALWARE IRC Channel topic scan/exploit command
sid 2002029 format suricata
et-open trojan-activity
ET MALWARE IRC Potential bot scan/exploit command
sid 2002030 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style)
sid 2002034 format suricata
et-open pup-activity
ET ADWARE_PUP Shopathomeselect .com Spyware User-Agent (WebDownloader)
sid 2002038 format suricata
et-open misc-activity
ET USER_AGENTS SideStep User-Agent
sid 2002078 format suricata
et-open misc-activity
ET POLICY Inbound Frequent Emails - Possible Spambot Inbound
sid 2002087 format suricata
et-open pup-activity
ET ADWARE_PUP yupsearch.com Spyware Install - protector.exe
sid 2002092 format suricata
et-open pup-activity
ET ADWARE_PUP yupsearch.com Spyware Install - sideb.exe
sid 2002098 format suricata
et-open policy-violation
ET GAMES Guild Wars connection
sid 2002154 format suricata
et-open policy-violation
ET CHAT Skype User-Agent detected
sid 2002157 format suricata
et-open pup-activity
ET ADWARE_PUP CoolWebSearch Spyware (Feat)
sid 2002160 format suricata
et-open misc-activity
ET POLICY Wise Solutions Install Reporting via HTTP - User Agent (Wise)
sid 2002167 format suricata
et-open pup-activity
ET ADWARE_PUP Casalemedia Spyware Reporting URL Visited 2
sid 2002196 format suricata
et-open policy-violation
ET CHAT Google Talk (Jabber) Client Login
sid 2002327 format suricata
et-open policy-violation
ET POLICY Google Talk TLS Client Traffic
sid 2002330 format suricata
et-open policy-violation
ET CHAT Google IM traffic Jabber client sign-on
sid 2002334 format suricata
et-open trojan-activity
ET MALWARE IRC potential reptile commands
sid 2002363 format suricata
et-open web-application-activity
ET WEB_SPECIFIC_APPS Miva Merchant Cross Site Scripting Attack
sid 2002371 format suricata
et-open unsuccessful-user
ET SCAN Potential FTP Brute-Force attempt response
sid 2002383 format suricata
et-open trojan-activity
ET MALWARE IRC potential bot commands
sid 2002384 format suricata
et-open trojan-activity
ET MALWARE IRC channel topic misc bot commands
sid 2002386 format suricata
et-open pup-activity
ET ADWARE_PUP Miva User-Agent (TPSystem)
sid 2002395 format suricata
et-open pup-activity
ET ADWARE_PUP Miva Spyware User-Agent (Travel Update)
sid 2002396 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
sid 2002400 format suricata
et-open pup-activity
ET ADWARE_PUP Spyware Related User-Agent (UtilMind HTTPGet)
sid 2002402 format suricata
et-open pup-activity
ET ADWARE_PUP Context Plus User-Agent (PTS)
sid 2002403 format suricata
et-open pup-activity
ET ADWARE_PUP Internet Optimizer User-Agent (ROGUE)
sid 2002405 format suricata
et-open policy-violation
ET CHAT Yahoo IM Client Install
sid 2002659 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS e107 resetcore.php SQL Injection attempt
sid 2002663 format suricata
et-open attempted-recon
ET SCAN Nessus User Agent
sid 2002664 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS Galerie ShowGallery.php SQL Injection attempt
sid 2002671 format suricata
et-open web-application-attack
ET SCAN Nikto Web App Scan in Progress
sid 2002677 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS Cyphor show.php SQL injection attempt
sid 2002678 format suricata
et-open pup-activity
ET ADWARE_PUP iframebiz - loadadv***.exe
sid 2002710 format suricata
et-open pup-activity
ET ADWARE_PUP Zenotecnico Adware 2
sid 2002735 format suricata
et-open pup-activity
ET ADWARE_PUP Zenotecnico Spyware Install Report
sid 2002737 format suricata
et-open pup-activity
ET ADWARE_PUP iDownloadAgent Spyware User-Agent (iDownloadAgent)
sid 2002739 format suricata
et-open policy-violation
ET P2P GnucDNA UDP Ultrapeer Traffic
sid 2002760 format suricata
et-open policy-violation
ET P2P Gnutella TCP Ultrapeer Traffic
sid 2002761 format suricata
et-open trojan-activity
ET MALWARE Torpig Reporting User Activity (x25)
sid 2002762 format suricata
et-open trojan-activity
ET MALWARE Dumador Reporting User Activity
sid 2002763 format suricata
et-open trojan-activity
ET MALWARE Haxdoor Reporting User Activity
sid 2002790 format suricata
et-open policy-violation
ET POLICY Google Desktop User-Agent Detected
sid 2002801 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Hostile FTP Server Banner (StnyFtpd)
sid 2002809 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Hostile FTP Server Banner (Reptile)
sid 2002810 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Hostile FTP Server Banner (Bot Server)
sid 2002811 format suricata
et-open policy-violation
ET P2P Direct Connect Traffic (client-server)
sid 2002814 format suricata
et-open attempted-recon
ET POLICY Possible Web Crawl using Wget
sid 2002823 format suricata
et-open attempted-recon
ET POLICY POSSIBLE Web Crawl using Curl
sid 2002825 format suricata
Showing 151-200 of 52,377
Prev 4 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin