Home/Network IDS rules
IDS / IPS

Network IDS rules

1,353 rules · linked to T1572 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 1,353
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (n-wan .dynv6 .net)
sid 2043829 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (oracle .cepheus0 .com)
sid 2043830 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .bruckmoser .it)
sid 2043831 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (tiger .dns .qwer .pw)
sid 2043832 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (securedns .vendorvista .xyz)
sid 2043833 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .cloudmini .net)
sid 2043835 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .kenzohost .de)
sid 2043836 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (ociamd1 .fatucloud .gosprout .org)
sid 2043838 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (ag .apollohct .com)
sid 2043840 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (colean .go .ro)
sid 2043841 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .malwarelul .download)
sid 2043842 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (block .abstergo .it)
sid 2043843 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .maolaohei .xyz)
sid 2043844 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (guoyingwei .top)
sid 2043845 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (shield .afixer .app)
sid 2043846 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ellichua .com)
sid 2043847 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (2 .alpo .pp .ua)
sid 2043848 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .andrewnw .xyz)
sid 2043849 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .flymc .cc)
sid 2043850 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .marcbond .uk)
sid 2043851 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (vvmm .me)
sid 2043852 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (ad1 .heronet .nl)
sid 2043853 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (gpchubjk .dnsfish .com)
sid 2043854 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .filipccz .eu)
sid 2043855 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .mulu .at)
sid 2043856 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dog .dns .qwer .pw)
sid 2043857 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ilker .se)
sid 2043858 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (kcolspacrm .ir)
sid 2043859 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .applewebkit .dev)
sid 2043860 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .karl .one)
sid 2043861 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .korks .tk)
sid 2043862 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .wns .watch)
sid 2043863 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (shalenkov .dev)
sid 2043864 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (1 .11i .eu)
sid 2043865 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (nongdanthanky .com)
sid 2043866 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .iamninja .ru)
sid 2043868 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .onedns .net)
sid 2043870 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bluestarnc .com)
sid 2043871 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adns .kreonet .net)
sid 2043872 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (muc-ns01 .ibytex .systems)
sid 2043873 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (gunag .duckdns .org)
sid 2043874 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .tuankhaiit .com)
sid 2043875 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .lege .despagne .net)
sid 2043876 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adblock .technovus .in)
sid 2043877 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .faze .dev)
sid 2043878 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (cvt-ic-us-adns-001 .clearviewtechnology .net)
sid 2043879 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .hopper .org .uk)
sid 2043880 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (per .adfilter .net)
sid 2043881 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .bobstrecansky .com)
sid 2043882 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (blackhole .aflr .io)
sid 2043883 format suricata
Showing 301-350 of 1,353
Prev 7 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin