Home/Network IDS rules
IDS / IPS

Network IDS rules

1,435 rules · linked to T1566 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 1,435
et-open credential-theft
ET PHISHING Successful Generic Phish (set) 2020-06-10
sid 2030275 format suricata
et-open social-engineering
ET PHISHING Common Form POST - M&T Bank Phishing Landing 2020-06-11
sid 2030295 format suricata
et-open social-engineering
ET PHISHING Common Form POST - Possible Generic Phishing Landing 2020-06-11
sid 2030302 format suricata
et-open credential-theft
ET PHISHING Lucy Security - Successful Phish
sid 2030404 format suricata
et-open misc-activity
ET PHISHING Successful Wombat Phishing Test
sid 2030405 format suricata
et-open credential-theft
ET PHISHING Possible Successful Generic Phish to .ma Domain 2020-07-15
sid 2030519 format suricata
et-open credential-theft
ET PHISHING Possible Successful Phish - Saved Website Comment Observed
sid 2030574 format suricata
et-open credential-theft
ET PHISHING Successful Generic Redeye Phish 2020-07-24
sid 2030587 format suricata
et-open web-application-attack
ET PHISHING Generic Phishing Panel Accessed on External Server
sid 2030588 format suricata
et-open web-application-attack
ET PHISHING Generic Phishing Panel Accessed on Internal Server
sid 2030589 format suricata
et-open social-engineering
ET PHISHING Possible Phishing Landing Hosted on CodeSandbox.io M1
sid 2030603 format suricata
et-open social-engineering
ET PHISHING Possible Phishing Landing Hosted on CodeSandbox.io M2
sid 2030604 format suricata
et-open social-engineering
ET PHISHING Possible Phishing Landing Hosted on CodeSandbox.io M3
sid 2030605 format suricata
et-open social-engineering
ET PHISHING Possible Phishing Landing Hosted on CodeSandbox.io M4
sid 2030606 format suricata
et-open social-engineering
ET PHISHING Possible Phishing Landing Captcha Check
sid 2030610 format suricata
et-open web-application-activity
ET PHISHING Generic Phishing Panel Accessed on External Server
sid 2030611 format suricata
et-open web-application-activity
ET PHISHING Generic Phishing Panel Accessed on Internal Server
sid 2030612 format suricata
et-open social-engineering
ET PHISHING Possible Phishing Script Hosted on 000webhostapp
sid 2030618 format suricata
et-open credential-theft
ET PHISHING Possible Sucessful Generic Phish (set) 2020-08-04
sid 2030646 format suricata
et-open credential-theft
ET PHISHING Successful Paxful Cryptocurrency Wallet Phish 2020-08-17
sid 2030695 format suricata
et-open credential-theft
ET PHISHING Possible Successful Credential Phish - Form submitted to submit-form Form Hosting
sid 2030707 format suricata
et-open misc-activity
ET HUNTING HTTP POST to .php on Appspot Hosting - Possible Phishing
sid 2030708 format suricata
et-open social-engineering
ET PHISHING OneDrive Phishing Landing on Appspot Hosting
sid 2030715 format suricata
et-open web-application-activity
ET PHISHING Generic Phishing Panel Accessed on External Server
sid 2030815 format suricata
et-open web-application-activity
ET PHISHING Generic Phishing Panel Accessed on Internal Server
sid 2030816 format suricata
et-open social-engineering
ET PHISHING Possible Phishing Landing Hosted on CodeSandbox.io M5
sid 2030936 format suricata
et-open social-engineering
ET PHISHING Possible Phishing Landing Hosted on CodeSandbox.io M6
sid 2030937 format suricata
et-open social-engineering
ET PHISHING Generic Phishing Landing Hosted via Weebly
sid 2030985 format suricata
et-open social-engineering
ET PHISHING Generic Phishing Landing Hosted via Weebly
sid 2030986 format suricata
et-open social-engineering
ET PHISHING Generic Phishing Landing Hosted via Weebly
sid 2030987 format suricata
et-open credential-theft
ET PHISHING Possible Successful Generic Web.App Hosted Phish 2020-10-14
sid 2031011 format suricata
et-open credential-theft
ET PHISHING Possible Successful Generic Windows.net Hosted Phish 2020-10-14
sid 2031012 format suricata
et-open social-engineering
ET PHISHING Cloned IRS Page - Possible Phishing Landing
sid 2031166 format suricata
et-open misc-activity
ET HUNTING HTTP POST to XYZ TLD Containing Pass - Possible Phishing
sid 2031189 format suricata
et-open credential-theft
ET PHISHING Possible Successful Generic Phish (set) 2020-11-19
sid 2031218 format suricata
et-open social-engineering
ET PHISHING Cloned Instagram Page - Possible Phishing Landing M3
sid 2031238 format suricata
et-open credential-theft
ET PHISHING Successful Clydesdale Bank Phish 2020-12-30
sid 2031468 format suricata
et-open social-engineering
ET PHISHING Suspicious TikTok Domain Request - Possible Phishing or Scam
sid 2031492 format suricata
et-open credential-theft
ET HUNTING Suspicious HTTP POST Only Containing Password - Possible Phishing
sid 2031523 format suricata
et-open credential-theft
ET HUNTING Suspicious HTTP POST Only Containing Pass - Possible Phishing
sid 2031524 format suricata
et-open credential-theft
ET PHISHING Possible Successful Credential Phish Oct 1 2015
sid 2031564 format suricata
et-open credential-theft
ET PHISHING Successful Paypal Phish M1 Dec 8 2015
sid 2031565 format suricata
et-open credential-theft
ET PHISHING Terse POST to Wordpress Folder - Probable Successful Phishing
sid 2031566 format suricata
et-open social-engineering
ET PHISHING Suspicious Redirect - Possible Phishing May 25 2016
sid 2031567 format suricata
et-open credential-theft
ET PHISHING Terse POST to Wordpress Folder - Probable Successful Phishing M3
sid 2031568 format suricata
et-open credential-theft
ET PHISHING Successful Dynamic Folder Phishing Oct 06 2016
sid 2031569 format suricata
et-open credential-theft
ET PHISHING Successful Dynamic Folder Phish Oct 07 2016
sid 2031570 format suricata
et-open credential-theft
ET PHISHING Terse POST to Wordpress Folder - Probable Successful Phishing M4
sid 2031571 format suricata
et-open credential-theft
ET PHISHING Terse POST to Wordpress Folder - Probable Successful Phishing M6
sid 2031572 format suricata
et-open credential-theft
ET PHISHING Successful Chase Phish Dec 29 2016
sid 2031573 format suricata
Showing 401-450 of 1,435
Prev 9 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin