Home/Network IDS rules
IDS / IPS

Network IDS rules

129 rules · linked to T1210 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 129
et-open web-application-attack
ET WEB_SERVER Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt
sid 2009670 format suricata
et-open web-application-attack
ET WEB_SERVER LANDesk Command Injection Attempt
sid 2010863 format suricata
et-open web-application-attack
ET WEB_CLIENT Java Web Start Command Injection (.jar)
sid 2011698 format suricata
et-open attempted-user
ET WEB_SPECIFIC_APPS Nagios XI Network Monitor - OS Command Injection
sid 2016015 format suricata
et-open trojan-activity
ET EXPLOIT Possible 2012-1533 altjvm RCE via JNLP command injection
sid 2017013 format suricata
et-open web-application-activity
ET SCAN COMMIX Command injection scan attempt
sid 2022243 format suricata
et-open attempted-user
ET EXPLOIT Netgear R7000 Command Injection Exploit
sid 2023628 format suricata
et-open attempted-user
ET EXPLOIT HP Smart Storage Administrator Remote Command Injection
sid 2024063 format suricata
et-open web-application-attack
ET EXPLOIT BlueCoat CAS v1.3.7.1 Report Email Command Injection attempt
sid 2024234 format suricata
et-open attempted-recon
ET EXPLOIT AVTECH Unauthenticated Command Injection in DVR Devices
sid 2024917 format suricata
et-open attempted-recon
ET EXPLOIT AVTECH Authenticated Command Injection in CloudSetup.cgi
sid 2024918 format suricata
et-open attempted-recon
ET EXPLOIT AVTECH Authenticated Command Injection in adcommand.cgi
sid 2024919 format suricata
et-open attempted-recon
ET EXPLOIT AVTECH Authenticated Command Injection in PwdGrp.cgi
sid 2024920 format suricata
et-open attempted-user
ET EXPLOIT D-Link DSL-2750B - OS Command Injection
sid 2025756 format suricata
et-open attempted-admin
ET EXPLOIT DynoRoot DHCP - Client Command Injection
sid 2025765 format suricata
et-open attempted-user
ET EXPLOIT VMware NSX SD-WAN Command Injection
sid 2025767 format suricata
et-open attempted-user
ET EXPLOIT VMware NSX SD-WAN Command Injection 2
sid 2025768 format suricata
et-open attempted-user
ET EXPLOIT SonicWall Global Management System - XMLRPC set_time_zone Command Injection (CVE-2018-9866)
sid 2026023 format suricata
et-open attempted-admin
ET EXPLOIT HP Enterprise VAN SDN Controller Root Command Injection (Unix)
sid 2026028 format suricata
et-open attempted-admin
ET EXPLOIT HP Enterprise VAN SDN Controller Root Command Injection (Linux)
sid 2026029 format suricata
et-open attempted-admin
ET EXPLOIT Zyxel Command Injection RCE (CVE-2017-6884)
sid 2026105 format suricata
et-open attempted-admin
ET EXPLOIT NetGain Enterprise Manager 7.2.562 Ping Command Injection
sid 2026106 format suricata
et-open attempted-admin
ET EXPLOIT NUUO OS Command Injection
sid 2026107 format suricata
et-open attempted-admin
ET EXPLOIT Possible WePresent WIPG1000 OS Command Injection
sid 2027090 format suricata
et-open attempted-admin
ET EXPLOIT Eir D1000 Remote Command Injection Attempt Inbound
sid 2027375 format suricata
et-open attempted-admin
ET EXPLOIT Eir D1000 Remote Command Injection Attempt Outbound
sid 2027376 format suricata
et-open attempted-admin
ET EXPLOIT Attempted Remote Command Injection Outbound (CVE-2019-3929)
sid 2027450 format suricata
et-open attempted-admin
ET EXPLOIT Attempted Remote Command Injection Inbound (CVE-2019-3929)
sid 2027451 format suricata
et-open attempted-admin
ET EXPLOIT Possible OpenDreamBox Attempted Remote Command Injection Outbound
sid 2027452 format suricata
et-open attempted-admin
ET EXPLOIT Possible OpenDreamBox Attempted Remote Command Injection Inbound
sid 2027453 format suricata
et-open attempted-admin
ET EXPLOIT Attempted Remote Command Injection Outbound (CVE-2018-7841)
sid 2027454 format suricata
et-open attempted-admin
ET EXPLOIT Attempted Remote Command Injection Inbound (CVE-2018-7841)
sid 2027455 format suricata
et-open attempted-admin
ET EXPLOIT Dell KACE Attempted Remote Command Injection Outbound
sid 2027456 format suricata
et-open attempted-admin
ET EXPLOIT Dell KACE Attempted Remote Command Injection Inbound
sid 2027457 format suricata
et-open attempted-admin
ET EXPLOIT Geutebruck Attempted Remote Command Injection Outbound
sid 2027458 format suricata
et-open attempted-admin
ET EXPLOIT Geutebruck Attempted Remote Command Injection Inbound
sid 2027459 format suricata
et-open attempted-admin
ET EXPLOIT Hootoo TripMate Attempted Remote Command Injection Outbound
sid 2027460 format suricata
et-open attempted-admin
ET EXPLOIT Hootoo TripMate Attempted Remote Command Injection Inbound
sid 2027461 format suricata
et-open attempted-admin
ET EXPLOIT Belkin Wemo Enabled Crock-Pot Unauthenticated Command Injection Inbound (CVE-2019-12780)
sid 2027486 format suricata
et-open attempted-admin
ET EXPLOIT Belkin Wemo Enabled Crock-Pot Unauthenticated Command Injection Outbound (CVE-2019-12780)
sid 2027487 format suricata
et-open attempted-admin
ET EXPLOIT NETGEAR R7000/R6400 - Command Injection Inbound (CVE-2019-6277)
sid 2027881 format suricata
et-open attempted-admin
ET EXPLOIT NETGEAR R7000/R6400 - Command Injection Outbound (CVE-2019-6277)
sid 2027882 format suricata
et-open attempted-admin
ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection Inbound (CVE-2019-7256)
sid 2029207 format suricata
et-open attempted-admin
ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection Outbound (CVE-2019-7256)
sid 2029213 format suricata
et-open attempted-admin
ET EXPLOIT Linksys WRT54G Version 3.1 Command Injection Attempt
sid 2029734 format suricata
et-open attempted-admin
ET EXPLOIT UCM6202 1.0.18.13 - Remote Command Injection Attempt
sid 2030206 format suricata
et-open attempted-admin
ET EXPLOIT Possible D-Link Command Injection Attempt Inbound (CVE-2020-13782)
sid 2030335 format suricata
et-open attempted-admin
ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173)
sid 2030502 format suricata
et-open attempted-recon
ET EXPLOIT AVTECH Authenticated Command Injection in CloudSetup.cgi (Outbound)
sid 2030503 format suricata
et-open attempted-admin
ET EXPLOIT Qualcomm QCMAP Command Injection Attempt Inbound (CVE-2020-3657)
sid 2031056 format suricata
Showing 1-50 of 129
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin