Home/Network IDS rules
IDS / IPS

Network IDS rules

206 rules · linked to T1219 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 206
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (aspia .org)
sid 2067696 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (atera .com)
sid 2067697 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (atera .com)
sid 2067698 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (atera .pubnubapi .com)
sid 2067699 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (atera .pubnubapi .com)
sid 2067700 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (atera-agent-heartbeat-cus .servicebus .windows .net)
sid 2067701 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (atera-agent-heartbeat-cus .servicebus .windows .net)
sid 2067702 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (auvik .com)
sid 2067705 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (auvik .com)
sid 2067706 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (aweray .net)
sid 2067707 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (aweray .net)
sid 2067708 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (aweray .com)
sid 2067709 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (aweray .com)
sid 2067710 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (islonline .net)
sid 2067711 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (islonline .net)
sid 2067712 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (barracudamsp .com)
sid 2067713 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (barracudamsp .com)
sid 2067714 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in DNS Lookup (basecamp .com)
sid 2067715 format suricata
et-open misc-activity
ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (basecamp .com)
sid 2067716 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (dameware .com)
sid 2067959 format suricata
et-open misc-activity
ET INFO Observed RMM Domain (dameware .com) in TLS SNI
sid 2067960 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (mspa .n-able .com)
sid 2067961 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (swi-dre .com)
sid 2067962 format suricata
et-open misc-activity
ET INFO Observed RMM Domain (mspa .n-able .com) in TLS SNI
sid 2067963 format suricata
et-open misc-activity
ET INFO Observed RMM Domain (swi-dre .com) in TLS SNI
sid 2067964 format suricata
et-open misc-activity
ET INFO SimpleHelp RMM machine ping Request to Server
sid 2067965 format suricata
et-open misc-activity
ET INFO SimpleHelp RMM lossyproc Request to Server
sid 2067966 format suricata
et-open domain-c2
ET MALWARE Malicious SimpleHelp RMM Domain in DNS Lookup (funsunmexicobizz .top)
sid 2067967 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SimpleHelp RMM Domain (funsunmexicobizz .top) in TLS SNI
sid 2067968 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (tiflux .com)
sid 2068025 format suricata
et-open misc-activity
ET INFO Observed RMM Domain (tiflux .com) in TLS SNI
sid 2068026 format suricata
et-open misc-activity
ET INFO EasyTier Mesh VPN Domain (stun .easytier .cn) in DNS Lookup
sid 2068135 format suricata
et-open misc-activity
ET INFO EasyTier Mesh VPN Domain (stun-v6 .easytier .top) in DNS Lookup
sid 2068136 format suricata
et-open misc-activity
ET INFO EasyTier Mesh VPN Domain (public .easytier .top) in DNS Lookup
sid 2068137 format suricata
et-open misc-activity
ET INFO EasyTier Mesh VPN Domain (public .easytier .cn) in DNS Lookup
sid 2068138 format suricata
et-open misc-activity
ET INFO EasyTier Mesh VPN Domain (stun .henyuan-v6 .easytier .cn) in DNS Lookup
sid 2068139 format suricata
et-open misc-activity
ET INFO SoftEther VPN Service Related Domain (vpnazure .net) in DNS Lookup
sid 2068198 format suricata
et-open misc-activity
ET INFO SoftEther VPN Service Related Domain (softether .org) in DNS Lookup
sid 2068199 format suricata
et-open misc-activity
ET INFO SoftEther VPN Service Related Domain (softether-network .net) in DNS Lookup
sid 2068200 format suricata
et-open misc-activity
ET INFO Observed SoftEther VPN Service Domain (vpnazure .net in TLS SNI)
sid 2068201 format suricata
et-open misc-activity
ET INFO Observed SoftEther VPN Service Domain (softether .org in TLS SNI)
sid 2068202 format suricata
et-open misc-activity
ET INFO Observed SoftEther VPN Service Domain (softether-network .net in TLS SNI)
sid 2068203 format suricata
et-open misc-activity
ET JA3 Hash - Possible SoftEther Server-Side Traffic
sid 2068223 format suricata
et-open misc-activity
ET INFO Networking Tunneling Service Domain (gsocket .io) in DNS Lookup
sid 2068424 format suricata
et-open misc-activity
ET INFO Observed Networking Tunneling Service Domain (gsocket .io in TLS SNI)
sid 2068425 format suricata
et-open misc-activity
ET INFO Observed Tactical RMM in DNS Lookup (icanhazip .tacticalrmm .io)
sid 2068548 format suricata
et-open misc-activity
ET INFO Observed Tactical RMM in TLS SNI (icanhazip .tacticalrmm .io)
sid 2068549 format suricata
et-open misc-activity
ET INFO NoMachine Network RMM Domain (nomachine .com) in DNS Lookup
sid 2068933 format suricata
et-open misc-activity
ET INFO Observed NoMachine Network RMM Domain (nomachine .com in TLS SNI)
sid 2068934 format suricata
et-open misc-activity
ET INFO Observed Microsoft Dev Tunnels Domain (devtunnels .ms in TLS SNI)
sid 2069122 format suricata
Showing 151-200 of 206
Prev 4 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin