Home/Network IDS rules
IDS / IPS

Network IDS rules

52,377 rules · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 52,377
et-open pup-activity
ET ADWARE_PUP Best-targeted-traffic.com Spyware Install
sid 2003210 format suricata
et-open pup-activity
ET ADWARE_PUP Megaupload Spyware User-Agent (Megaupload)
sid 2003224 format suricata
et-open command-and-control
ET MALWARE W32.Downloader Tibs.jy Reporting to C&C (2)
sid 2003239 format suricata
et-open pup-activity
ET ADWARE_PUP User-Agent (Download Agent) Possibly Related to TrinityAcquisitions.com
sid 2003243 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 Port 25 Inbound Request (Windows Source)
sid 2003254 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 Port 25 Inbound Request (Linux Source)
sid 2003255 format suricata
et-open protocol-command-decode
ET INFO SOCKSv4 Port 25 Inbound Request (Windows Source)
sid 2003256 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 Port 25 Inbound Request (Linux Source)
sid 2003257 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 DNS Inbound Request (Windows Source)
sid 2003258 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 DNS Inbound Request (Linux Source)
sid 2003259 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 HTTP Proxy Inbound Request (Windows Source)
sid 2003260 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 HTTP Proxy Inbound Request (Linux Source)
sid 2003261 format suricata
et-open protocol-command-decode
ET INFO SOCKSv4 HTTP Proxy Inbound Request (Windows Source)
sid 2003262 format suricata
et-open protocol-command-decode
ET INFO SOCKSv4 HTTP Proxy Inbound Request (Linux Source)
sid 2003263 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 Port 443 Inbound Request (Windows Source)
sid 2003266 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 Port 443 Inbound Request (Linux Source)
sid 2003267 format suricata
et-open protocol-command-decode
ET INFO SOCKSv4 Port 443 Inbound Request (Windows Source)
sid 2003268 format suricata
et-open protocol-command-decode
ET INFO SOCKSv4 Port 443 Inbound Request (Linux Source)
sid 2003269 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 Port 5190 Inbound Request (Windows Source)
sid 2003270 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 Port 5190 Inbound Request (Linux Source)
sid 2003271 format suricata
et-open protocol-command-decode
ET INFO SOCKSv4 Port 5190 Inbound Request (Windows Source)
sid 2003272 format suricata
et-open protocol-command-decode
ET INFO SOCKSv4 Port 5190 Inbound Request (Linux Source)
sid 2003273 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 Port 1863 Inbound Request (Windows Source)
sid 2003274 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 Port 1863 Inbound Request (Linux Source)
sid 2003275 format suricata
et-open protocol-command-decode
ET INFO SOCKSv4 Port 1863 Inbound Request (Windows Source)
sid 2003276 format suricata
et-open protocol-command-decode
ET INFO SOCKSv4 Port 1863 Inbound Request (Linux Source)
sid 2003277 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 Port 5050 Inbound Request (Windows Source)
sid 2003278 format suricata
et-open protocol-command-decode
ET INFO SOCKSv5 Port 5050 Inbound Request (Linux Source)
sid 2003279 format suricata
et-open protocol-command-decode
ET INFO SOCKSv4 Port 5050 Inbound Request (Windows Source)
sid 2003280 format suricata
et-open protocol-command-decode
ET INFO SOCKSv4 Port 5050 Inbound Request (Linux Source)
sid 2003281 format suricata
et-open pup-activity
ET ADWARE_PUP 180solutions Spyware (tracked event 2 reporting)
sid 2003306 format suricata
et-open policy-violation
ET P2P Edonkey Publicize File ACK
sid 2003311 format suricata
et-open policy-violation
ET P2P Edonkey Connect Request
sid 2003312 format suricata
et-open policy-violation
ET P2P Edonkey Search Request (search by name)
sid 2003319 format suricata
et-open attempted-admin
ET WEB_CLIENT Apple Quicktime RTSP Overflow (1)
sid 2003326 format suricata
et-open attempted-admin
ET WEB_CLIENT Apple Quicktime RTSP Overflow (2)
sid 2003327 format suricata
et-open pup-activity
ET USER_AGENTS Suspicious User Agent (Autoupdate)
sid 2003337 format suricata
et-open pup-activity
ET ADWARE_PUP Trinityacquisitions.com and Maximumexperience.com Spyware Activity
sid 2003344 format suricata
et-open pup-activity
ET ADWARE_PUP Errorsafe.com Fake antispyware User-Agent (ErrorSafe)
sid 2003346 format suricata
et-open pup-activity
ET ADWARE_PUP Gamehouse.com User-Agent (GAMEHOUSE.NET.URL)
sid 2003347 format suricata
et-open pup-activity
ET ADWARE_PUP MyGlobalSearch Spyware bar update
sid 2003351 format suricata
et-open pup-activity
ET ADWARE_PUP MyGlobalSearch Spyware bar update 2
sid 2003352 format suricata
et-open pup-activity
ET ADWARE_PUP Yourscreen.com Spyware User-Agent (FreezeInet)
sid 2003355 format suricata
et-open pup-activity
ET ADWARE_PUP Freeze.com Spyware Download
sid 2003356 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19 etc)
sid 2003380 format suricata
et-open pup-activity
ET ADWARE_PUP Hotbar Tools Spyware User-Agent (hbtools)
sid 2003383 format suricata
et-open pup-activity
ET ADWARE_PUP SpamBlockerUtility Fake Anti-Spyware User-Agent (SpamBlockerUtility x.x.x)
sid 2003384 format suricata
et-open pup-activity
ET ADWARE_PUP dialno Dialer User-Agent (dialno)
sid 2003387 format suricata
et-open pup-activity
ET ADWARE_PUP SurfAccuracy.com Spyware Updating
sid 2003390 format suricata
et-open pup-activity
ET ADWARE_PUP Mysearch.com/Morpheus Bar Spyware User-Agent (Morpheus)
sid 2003396 format suricata
Showing 251-300 of 52,377
Prev 6 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin