Home/Network IDS rules
IDS / IPS

Network IDS rules

52,377 rules · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 52,377
et-open attempted-recon
ET POLICY POSSIBLE Crawl using Fetch
sid 2002827 format suricata
et-open pup-activity
ET ADWARE_PUP My Search Spyware Config Download
sid 2002839 format suricata
et-open pup-activity
ET ADWARE_PUP Freeze.com Spyware/Adware (Install)
sid 2002840 format suricata
et-open pup-activity
ET ADWARE_PUP Freeze.com Spyware/Adware (Install Registration)
sid 2002841 format suricata
et-open protocol-command-decode
ET SCAN MYSQL 4.1 brute force root login attempt
sid 2002842 format suricata
et-open policy-violation
ET POLICY Myspace Login Attempt
sid 2002872 format suricata
et-open trojan-activity
ET USER_AGENTS Metafisher/Goldun User-Agent (z)
sid 2002874 format suricata
et-open policy-violation
ET POLICY iTunes User Agent
sid 2002878 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP phpMyAgenda rootagenda Remote File Include Attempt
sid 2002879 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP Aardvark Topsites PHP CONFIG PATH Remote File Include Attempt
sid 2002901 format suricata
et-open attempted-recon
ET SCAN Potential VNC Scan 5800-5820
sid 2002910 format suricata
et-open trojan-activity
ET MALWARE Haxdoor Reporting User Activity 2
sid 2002929 format suricata
et-open pup-activity
ET ADWARE_PUP CWS Trafcool.biz Related Installer
sid 2002931 format suricata
et-open attempted-recon
ET POLICY Possible Web Crawl - libwww-perl User Agent
sid 2002935 format suricata
et-open attempted-recon
ET POLICY python.urllib User Agent Web Crawl
sid 2002943 format suricata
et-open misc-activity
ET INFO Java Url Lib User Agent Web Crawl (Inbound)
sid 2002945 format suricata
et-open policy-violation
ET P2P TOR 1.0 Server Key Retrieval
sid 2002950 format suricata
et-open policy-violation
ET P2P TOR 1.0 Status Update
sid 2002951 format suricata
et-open policy-violation
ET P2P TOR 1.0 Inbound Circuit Traffic
sid 2002952 format suricata
et-open policy-violation
ET P2P TOR 1.0 Outbound Circuit Traffic
sid 2002953 format suricata
et-open pup-activity
ET ADWARE_PUP Win32/Tibs Checkin
sid 2002955 format suricata
et-open command-and-control
ET MALWARE Tibs Checkin
sid 2002959 format suricata
et-open pup-activity
ET ADWARE_PUP Elitemediagroup.net Spyware Config Download
sid 2002966 format suricata
et-open pup-activity
ET ADWARE_PUP Dollarrevenue.com Spyware Code Download
sid 2002967 format suricata
et-open trojan-activity
ET MALWARE Banker.Delf Infection - Sending Initial Email to Owner
sid 2002976 format suricata
et-open trojan-activity
ET MALWARE Banload Downloader Infection - Sending initial email to owner
sid 2002977 format suricata
et-open trojan-activity
ET MALWARE SC-KeyLog Keylogger Installed - Sending Initial Email Report
sid 2002979 format suricata
et-open trojan-activity
ET MALWARE Banker.Delf Infection variant 4 - Sending Initial Email to Owner
sid 2002981 format suricata
et-open misc-activity
ET SCAN Rapid POP3 Connections - Possible Brute Force Attack
sid 2002992 format suricata
et-open misc-activity
ET SCAN Rapid POP3S Connections - Possible Brute Force Attack
sid 2002993 format suricata
et-open misc-activity
ET SCAN Rapid IMAP Connections - Possible Brute Force Attack
sid 2002994 format suricata
et-open misc-activity
ET SCAN Rapid IMAPS Connections - Possible Brute Force Attack
sid 2002995 format suricata
et-open policy-violation
ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi)
sid 2003047 format suricata
et-open non-standard-protocol
ET HUNTING Suspicious FTP 220 Banner on Local Port (-)
sid 2003055 format suricata
et-open pup-activity
ET ADWARE_PUP 180solutions (Zango) Spyware Local Stats Post
sid 2003060 format suricata
et-open trojan-activity
ET MALWARE Torpig Reporting User Activity (wur8)
sid 2003066 format suricata
et-open attempted-recon
ET SCAN Potential SSH Scan OUTBOUND
sid 2003068 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (BSD style)
sid 2003071 format suricata
et-open policy-violation
ET GAMES STEAM Connection (v2)
sid 2003089 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)
sid 2003149 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (BSD style)
sid 2003150 format suricata
et-open misc-activity
ET POLICY Microsoft TEREDO IPv6 tunneling
sid 2003155 format suricata
et-open attempted-recon
ET SCAN IBM NSA User Agent
sid 2003171 format suricata
et-open command-and-control
ET MALWARE Win32.Lager Trojan Initial Checkin
sid 2003187 format suricata
et-open trojan-activity
ET MALWARE Win32.Lager Trojan Reporting
sid 2003188 format suricata
et-open trojan-activity
ET MALWARE Win32.Lager Trojan Reporting (gcu)
sid 2003189 format suricata
et-open attempted-dos
ET VOIP INVITE Message Flood TCP
sid 2003192 format suricata
et-open attempted-dos
ET VOIP REGISTER Message Flood TCP
sid 2003193 format suricata
et-open attempted-dos
ET VOIP Multiple Unauthorized SIP Responses TCP
sid 2003194 format suricata
et-open pup-activity
ET ADWARE_PUP Best-targeted-traffic.com Spyware Checkin
sid 2003209 format suricata
Showing 201-250 of 52,377
Prev 5 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin