Home/Network IDS rules
IDS / IPS

Network IDS rules

240 rules · linked to T1102 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 240
et-open misc-activity
ET INFO Observed Free Hosting Domain (loveslife .biz) in TLS SNI
sid 2066984 format suricata
et-open misc-activity
ET INFO Observed Free Hosting Domain (social-networking .me) in TLS SNI
sid 2066985 format suricata
et-open misc-activity
ET INFO Observed Free Hosting Domain (fast-page .org) in TLS SNI
sid 2066987 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (fragbin .com)
sid 2066992 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (pasteshare .ninja)
sid 2066993 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (pythonmorsels .com)
sid 2066994 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (codebin .cc)
sid 2066995 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (pastefy .app)
sid 2066996 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (ctrlv .codes)
sid 2066997 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (coderstool .com)
sid 2066998 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (devbeaver .com)
sid 2066999 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (pastepool .com)
sid 2067000 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (mypaste .dev)
sid 2067001 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (pastevoid .com)
sid 2067002 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (copyandshare .com)
sid 2067003 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (pastezen .com)
sid 2067004 format suricata
et-open misc-activity
ET INFO Pastebin-like Service Domain in DNS Lookup (ctxt .io)
sid 2067005 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (fragbin .com) in TLS SNI
sid 2067006 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (pasteshare .ninja) in TLS SNI
sid 2067007 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (pythonmorsels .com) in TLS SNI
sid 2067008 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (codebin .cc) in TLS SNI
sid 2067009 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (pastefy .app) in TLS SNI
sid 2067010 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (ctrlv .codes) in TLS SNI
sid 2067011 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (coderstool .com) in TLS SNI
sid 2067012 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (devbeaver .com) in TLS SNI
sid 2067013 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (pastepool .com) in TLS SNI
sid 2067014 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (mypaste .dev) in TLS SNI
sid 2067015 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (pastevoid .com) in TLS SNI
sid 2067016 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (copyandshare .com) in TLS SNI
sid 2067017 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (pastezen .com) in TLS SNI
sid 2067018 format suricata
et-open misc-activity
ET INFO Observed Pastebin-like Service (ctxt .io) in TLS SNI
sid 2067019 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhookinbox .com)
sid 2067025 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (hookdeck .com)
sid 2067026 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (requestcatcher .com)
sid 2067027 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhookrelay .com)
sid 2067028 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (mockly .me)
sid 2067029 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (emailhook .site)
sid 2067030 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (postb .in)
sid 2067031 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (dnshook .site)
sid 2067032 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhook .cool)
sid 2067033 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (putsreq .com)
sid 2067034 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhooklistener .cloud)
sid 2067035 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (pipedream .com)
sid 2067036 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhookcatcher .com)
sid 2067037 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhook-test .com)
sid 2067038 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (mockoon .app)
sid 2067039 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhook .site)
sid 2067040 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (svix .com)
sid 2067041 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (wiremock .cloud)
sid 2067042 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhookapp .dev)
sid 2067043 format suricata
Showing 151-200 of 240
Prev 4 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin