Home/Network IDS rules
IDS / IPS

Network IDS rules

206 rules · linked to T1219 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 206
et-open misc-activity
ET INFO Anydesk Relay Domain (net .anydesk .com) in DNS Lookup
sid 2060507 format suricata
et-open misc-activity
ET INFO Observed Anydesk Relay Domain (net .anydesk .com) in TLS SNI
sid 2060508 format suricata
et-open misc-activity
ET INFO Anydesk API Domain (api .anydesk .com) in DNS Lookup
sid 2060510 format suricata
et-open misc-activity
ET INFO Anydesk API Domain (api .anydesk .com) in TLS SNI
sid 2060511 format suricata
et-open misc-activity
ET INFO Anydesk Domain (boot .net .anydesk .com) in DNS Lookup
sid 2060512 format suricata
et-open misc-activity
ET INFO Observed Anydesk Domain (boot .net .anydesk .com) in TLS SNI
sid 2060513 format suricata
et-open misc-activity
ET INFO Zoho Assist Related Domain ( .zohoassist .jp) in DNS Lookup
sid 2060595 format suricata
et-open misc-activity
ET INFO Zoho Assist Related Domain ( .zohohost .com) in DNS Lookup
sid 2060596 format suricata
et-open misc-activity
ET INFO Zoho Assist Related Domain ( .zohoassist .com .cn) in DNS Lookup
sid 2060597 format suricata
et-open misc-activity
ET INFO Zoho Assist Related Domain ( .zohoassist .com) in DNS Lookup
sid 2060598 format suricata
et-open misc-activity
ET INFO Zoho Assist Related Domain ( .assist .cs .zohohost .com) in DNS Lookup
sid 2060599 format suricata
et-open misc-activity
ET INFO Observed Zoho Assist Related Domain ( .zohoassist .jp) in TLS SNI
sid 2060600 format suricata
et-open misc-activity
ET INFO Observed Zoho Assist Related Domain ( .zohohost .com) in TLS SNI
sid 2060601 format suricata
et-open misc-activity
ET INFO Observed Zoho Assist Related Domain ( .zohoassist .com .cn) in TLS SNI
sid 2060602 format suricata
et-open misc-activity
ET INFO Observed Zoho Assist Related Domain ( .zohoassist .com) in TLS SNI
sid 2060603 format suricata
et-open misc-activity
ET INFO Observed Zoho Assist Related Domain ( .assist .cs .zohohost .com) in TLS SNI
sid 2060604 format suricata
et-open misc-activity
ET INFO Zoho Assist Related Domain (assistlab .zoho .com) in DNS Lookup
sid 2060606 format suricata
et-open misc-activity
ET INFO Zoho Assist Related Domain (downloads .zohodl .com .cn) in DNS Lookup
sid 2060607 format suricata
et-open misc-activity
ET INFO Zoho Assist Related Domain (downloads .zohocdn .com) in DNS Lookup
sid 2060608 format suricata
et-open misc-activity
ET INFO Zoho Assist Related Domain (assist .zoho .com) in DNS Lookup
sid 2060609 format suricata
et-open misc-activity
ET INFO Zoho Assist Related Domain (gateway .zohoassist .com) in DNS Lookup
sid 2060610 format suricata
et-open misc-activity
ET INFO Observed Zoho Assist Related Domain in TLS SNI
sid 2060611 format suricata
et-open misc-activity
ET INFO Observed Zoho Assist Related Domain in TLS SNI
sid 2060612 format suricata
et-open misc-activity
ET INFO Observed Zoho Assist Related Domain in TLS SNI
sid 2060613 format suricata
et-open misc-activity
ET INFO Observed Zoho Assist Related Domain in TLS SNI
sid 2060614 format suricata
et-open misc-activity
ET INFO Observed Zoho Assist Related Domain in TLS SNI
sid 2060615 format suricata
et-open misc-activity
ET INFO Teamviewer Frontline Domain (svc .frontlineworker .com) in DNS Lookup
sid 2060624 format suricata
et-open misc-activity
ET INFO Observed Teamviewer Frontline Related Domain (svc .frontlineworker .com) in TLS SNI
sid 2060625 format suricata
et-open misc-activity
ET INFO TeamViewer RMM Domain (teamviewer .com) in DNS Lookup
sid 2060630 format suricata
et-open misc-activity
ET INFO Observed TeamViewer RMM Related Domain (teamviewer .com) in TLS SNI
sid 2060632 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup ( * .monitic .com)
sid 2063329 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI ( * .monitic .com)
sid 2063330 format suricata
et-open misc-activity
ET INFO Monitic RMM API Activity (Installer)
sid 2063350 format suricata
et-open misc-activity
ET INFO Monitic RMM API Activity (Profiling)
sid 2063351 format suricata
et-open misc-activity
ET INFO Monitic RMM API Activity (Detect User IP)
sid 2063352 format suricata
et-open misc-activity
ET INFO Monitic RMM API Activity (Get Config)
sid 2063353 format suricata
et-open misc-activity
ET INFO Monitic RMM API Activity (Get Token)
sid 2063354 format suricata
et-open misc-activity
ET INFO Monitic RMM API Activity (Download Installer)
sid 2063355 format suricata
et-open misc-activity
ET INFO Monitic RMM API Activity (Agent Ping)
sid 2063361 format suricata
et-open misc-activity
ET INFO ISLOnline RMM Installer Activity
sid 2063689 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup ( * .action1 .com)
sid 2063860 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI ( * .action1 .com)
sid 2063861 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (* .optitune .us)
sid 2063862 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI ( * .optitune .us)
sid 2063863 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup ( * .opti-tune .com)
sid 2063864 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI ( * .opti-tune .com)
sid 2063865 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup ( * .action1-com .b-cdn .net)
sid 2063875 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in DNS Lookup (a1-backend-packages-* .s3 .amazonaws .com)
sid 2063877 format suricata
et-open misc-activity
ET INFO Observed RMM Domain in TLS SNI (a1-backend-packages-* .s3 .amazonaws .com)
sid 2063878 format suricata
et-open misc-activity
ET INFO Comodo Itarian RMM-related Domain (one .comodo .com) in DNS Lookup
sid 2064011 format suricata
Showing 1-50 of 206
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin