Network IDS rules · threatengine.sh

Home/Network IDS rules

IDS / IPS

Network IDS rules

52,377 rules · Snort / Suricata signatures

Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

◈

Rules

50 shown of 52,377

et-open pup-activity

ET ADWARE_PUP Adload.Generic Spyware User-Agent (ProxyDown)

sid 2003639 format suricata

et-open pup-activity

ET ADWARE_PUP Adload.Generic Spyware User-Agent (91castInstallKernel)

sid 2003640 format suricata

et-open trojan-activity

ET MALWARE Generic.Malware.SFL User-Agent (Rescue/9.11)

sid 2003645 format suricata

et-open command-and-control

ET MALWARE Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin

sid 2003646 format suricata

et-open trojan-activity

ET MALWARE Backdoor.Irc.MFV User Agent Detected (IRC-U)

sid 2003647 format suricata

et-open command-and-control

ET MALWARE Dialer-715 Install Checkin

sid 2003650 format suricata

et-open pup-activity

ET ADWARE_PUP Trafficadvance.net Spyware User-Agent (Internet 1.0)

sid 2003655 format suricata

et-open pup-activity

ET ADWARE_PUP debelizombi.com (Rizo) related Spyware User-Agent (mc_v1.2.6)

sid 2003656 format suricata

et-open trojan-activity

ET USER_AGENTS Suspicious User-Agent (MSIE)

sid 2003657 format suricata

et-open pup-activity

ET ADWARE_PUP qq.com related Spyware User-Agent (QQGame)

sid 2003658 format suricata

et-open misc-attack

ET SCAN ProxyReconBot CONNECT method to Mail

sid 2003869 format suricata

et-open trojan-activity

ET SCAN WebHack Control Center User-Agent Inbound (WHCC/)

sid 2003924 format suricata

et-open trojan-activity

ET USER_AGENTS Suspicious User-Agent (HTTPTEST) - Seen used by downloaders

sid 2003927 format suricata

et-open pup-activity

ET ADWARE_PUP Mirar Bar Spyware User-Agent (Mbar)

sid 2003928 format suricata

et-open trojan-activity

ET MALWARE Banker.Delf User-Agent (Ms)

sid 2003933 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id UNION SELECT

sid 2004000 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id INSERT

sid 2004001 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id DELETE

sid 2004002 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id ASCII

sid 2004003 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id UPDATE

sid 2004004 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id SELECT

sid 2004005 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id UNION SELECT

sid 2004006 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id INSERT

sid 2004007 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id DELETE

sid 2004008 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id ASCII

sid 2004009 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id UPDATE

sid 2004010 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie SELECT

sid 2004011 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UNION SELECT

sid 2004012 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie INSERT

sid 2004013 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie DELETE

sid 2004014 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie ASCII

sid 2004015 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UPDATE

sid 2004016 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style SELECT

sid 2004023 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style UNION SELECT

sid 2004024 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style INSERT

sid 2004025 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style DELETE

sid 2004026 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style ASCII

sid 2004027 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style UPDATE

sid 2004028 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue SELECT

sid 2004029 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue UNION SELECT

sid 2004030 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue INSERT

sid 2004031 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue DELETE

sid 2004032 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue ASCII

sid 2004033 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue UPDATE

sid 2004034 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT

sid 2004035 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UNION SELECT

sid 2004036 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php INSERT

sid 2004037 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php DELETE

sid 2004038 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII

sid 2004039 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UPDATE

sid 2004040 format suricata

Showing 351-400 of 52,377

Prev 8 Next

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin