Home/Network IDS rules
IDS / IPS

Network IDS rules

29 rules · linked to T1505 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

29 shown of 29
et-open command-and-control
ET MALWARE Webshell Landing Outbound - Possibly Iran-based
sid 2033416 format suricata
et-open command-and-control
ET MALWARE Webshell Upload Command Inbound - Possibly Iran-based
sid 2033417 format suricata
et-open command-and-control
ET MALWARE Webshell Access with Known Password Inbound - Possibly Iran-based
sid 2033418 format suricata
et-open command-and-control
ET MALWARE Webshell Execute Command Inbound - Possibly Iran-based M1
sid 2033419 format suricata
et-open attempted-user
ET WEB_SERVER Possible WebShell Access Inbound [exec] M1 (CISA AA21-259A)
sid 2034006 format suricata
et-open attempted-user
ET WEB_SERVER Possible WebShell Access Inbound [upload] M1 (CISA AA21-259A)
sid 2034009 format suricata
et-open web-application-attack
ET WEB_CLIENT Generic Webshell Accessed on External Compromised Server
sid 2034439 format suricata
et-open web-application-attack
ET WEB_SERVER Generic Webshell Accessed on Internal Compromised Server
sid 2034440 format suricata
et-open attempted-admin
ET ATTACK_RESPONSE Possible WebShell Upload Attempt via Directory Traversal M1
sid 2038637 format suricata
et-open attempted-admin
ET ATTACK_RESPONSE Possible WebShell Upload Attempt via Directory Traversal M2
sid 2038638 format suricata
et-open trojan-activity
ET WEB_SERVER Tunna Variant Webshell Activity
sid 2049010 format suricata
et-open trojan-activity
ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity
sid 2049011 format suricata
et-open trojan-activity
ET WEB_SERVER Suspected FOXSHELL Variant Webshell Activity
sid 2049012 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M1
sid 2049387 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M2
sid 2049388 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M3
sid 2049389 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible /etc/shadow via HTTP M4
sid 2049390 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible arp command output via HTTP (Linux Style)
sid 2049391 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible arp command output via HTTP (Windows Style)
sid 2049392 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible arp command output via HTTP (MacOS Style)
sid 2049393 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible hosts File Output via HTTP (Windows Style)
sid 2049403 format suricata
et-open successful-recon-limited
ET ATTACK_RESPONSE Possible hosts File Output via HTTP (Linux Style)
sid 2049404 format suricata
et-open attempted-user
ET WEB_SERVER Simple JSP WebShell Landing Page
sid 2049405 format suricata
et-open attempted-user
ET WEB_SERVER vonloesch JSP File Browser
sid 2049406 format suricata
et-open trojan-activity
ET WEB_SERVER Suspected HrServ Webshell Related Activity M1
sid 2050028 format suricata
et-open trojan-activity
ET WEB_SERVER Suspected HrServ Webshell Related Activity M2
sid 2050029 format suricata
et-open trojan-activity
ET MALWARE PHASEJAM Web Shell Activity Observed M1
sid 2059096 format suricata
et-open trojan-activity
ET MALWARE PHASEJAM Web Shell Activity Observed M2
sid 2059097 format suricata
et-open trojan-activity
ET MALWARE Perl CGI Web Shell (DSAUTOKEN) Activity Observed Inbound
sid 2061885 format suricata
Showing 1-29 of 29
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin