Home/Network IDS rules
IDS / IPS

Network IDS rules

57 rules · linked to T1082 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 57
et-open web-application-attack
ET WEB_SPECIFIC_APPS ClaSS export.php ftype parameter Information Disclosure
sid 2009009 format suricata
et-open attempted-recon
ET WEB_SERVER DD-WRT Information Disclosure Attempt
sid 2012116 format suricata
et-open successful-recon-limited
ET WEB_SERVER Successful DD-WRT Information Disclosure
sid 2012117 format suricata
et-open attempted-user
ET EXPLOIT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 Common Function Name
sid 2019733 format suricata
et-open attempted-admin
ET EXPLOIT Quanta LTE Router Information Disclosure Exploit Attempt
sid 2022698 format suricata
et-open attempted-admin
ET EXPLOIT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 Common Construct M2
sid 2022797 format suricata
et-open attempted-user
ET EXPLOIT Possible Cisco IKEv1 Information Disclosure Vulnerability CVE-2016-6415
sid 2023311 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Internet Explorer Information Disclosure Vuln as Observed in RIG EK Prefilter M1 Dec 06
sid 2023586 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Internet Explorer Information Disclosure Vuln as Observed in RIG EK Prefilter M2 Dec 06
sid 2023587 format suricata
et-open attempted-recon
ET WEB_SPECIFIC_APPS Online Trade - Information Disclosure
sid 2025783 format suricata
et-open attempted-recon
ET WEB_SPECIFIC_APPS XML External Entity Information Disclosure
sid 2025877 format suricata
et-open attempted-recon
ET SCAN Geutebrueck re_porter 7.8.974.20 Information Disclosure
sid 2026008 format suricata
et-open attempted-recon
ET SCAN Hikvision IP Camera 5.4.0 Information Disclosure
sid 2026015 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS Jenkins Information Disclosure CVE-2017-1000395
sid 2027347 format suricata
et-open attempted-recon
ET EXPLOIT Linksys Smart WiFi Information Disclosure Attempt Inbound
sid 2027357 format suricata
et-open attempted-admin
ET EXPLOIT FortiOS SSL VPN - Information Disclosure (CVE-2018-13379)
sid 2027883 format suricata
et-open attempted-admin
ET EXPLOIT Possible Citrix Information Disclosure Attempt Inbound (CVE-2020-8195)
sid 2031068 format suricata
et-open attempted-admin
ET EXPLOIT Exim New-Line Injection into Spool Header File Inbound - Information Disclosure Attempt (CVE-2020-28021)
sid 2032902 format suricata
et-open attempted-admin
ET EXPLOIT Cisco Data Center Network Manager Information Disclosure Inbound
sid 2033410 format suricata
et-open attempted-recon
ET SCAN Laravel Debug Mode Information Disclosure Probe Inbound
sid 2034508 format suricata
et-open attempted-recon
ET WEB_SPECIFIC_APPS Vulnerable SAP NetWeaver Path Observed - Information Disclosure (CVE-2016-2388)
sid 2038697 format suricata
et-open successful-recon-limited
ET WEB_SPECIFIC_APPS Metabase Setup-Token Information Disclosure - Required for CVE-2023-38646
sid 2047018 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS MinIO Information Disclosure Attempt (CVE-2023-28432)
sid 2047923 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Successful MinIO Information Disclosure Attempt (CVE-2023-28432)
sid 2047924 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Advanced Diagnostics Information Disclosure Attempt - TCP Statistics
sid 2048624 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Advanced Diagnostics Information Disclosure Attempt - UDP Statistics
sid 2048625 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation System Data Details Information Disclosure Attempt
sid 2048626 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Advanced Diagnostics Information Disclosure Attempt - IP Routing Data
sid 2048627 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Advanced Diagnostics Information Disclosure Attempt - General Memory Statistics
sid 2048628 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Advanced Diagnostics Information Disclosure Attempt - General Heap Memory Statistics
sid 2048629 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Advanced Diagnostics Information Disclosure Attempt - ICMP Statistics
sid 2048630 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Advanced Diagnostics Information Disclosure Attempt - IGMP Statistics
sid 2048631 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Advanced Diagnostics Information Disclosure Attempt - ARP Statistics
sid 2048632 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Advanced Diagnostics Information Disclosure Attempt - Interface Statistics
sid 2048633 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Advanced Diagnostics Information Disclosure Attempt - IP Statistics
sid 2048634 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Information Disclosure Attempt - System List
sid 2048636 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Information Disclosure Attempt - Browse Chasis
sid 2048637 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Information Disclosure Attempt - Chassis Detail Request
sid 2048638 format suricata
et-open web-application-activity
ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Information Disclosure Attempt - Crashdump Display
sid 2048639 format suricata
et-open attempted-admin
ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure Attempt (CVE-2023-4966)
sid 2048930 format suricata
et-open attempted-admin
ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure Attempt (CVE-2023-4966)
sid 2048931 format suricata
et-open successful-admin
ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure - Successful Response (CVE-2023-4966)
sid 2048932 format suricata
et-open attempted-recon
ET WEB_SPECIFIC_APPS Totolink CP450 Information Disclosure via product.ini (CVE-2024-7332)
sid 2056216 format suricata
et-open successful-recon-limited
ET WEB_SPECIFIC_APPS PRTG Network Monitor Information Disclosure Attempt (CVE-2020-11547)
sid 2056354 format suricata
et-open policy-violation
ET POLICY Plaintext SSH Private Key Outbound over HTTP
sid 2059889 format suricata
et-open web-application-activity
ET WEB_SPECIFIC_APPS Niagara Workbench Anti-CSRF Token Disclosure (CVE-2025-3943)
sid 2063844 format suricata
et-open misc-activity
ET INFO Commvault Server Hostname Observed in HTTP Response
sid 2064058 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS VTENext Session Cookie Information Disclosure via Touch Module
sid 2064155 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS Fortra GoAnywhere MFT Response Valid License Request Token Disclosure
sid 2064921 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS JumpServer Connection Token Leak (CVE-2025-62712)
sid 2065715 format suricata
Showing 1-50 of 57
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin