Network IDS rules

30 rules · linked to T1570 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire.

Rules

et-open bad-unknown
ET POLICY SMB2 NT Create AndX Request For a DLL File - Possible Lateral Movement
sid 2025709 format suricata
et-open bad-unknown
ET POLICY SMB NT Create AndX Request For a .sys File - Possible Lateral Movement
sid 2025710 format suricata
et-open bad-unknown
ET POLICY SMB2 NT Create AndX Request For a .sys File - Possible Lateral Movement
sid 2025711 format suricata
et-open bad-unknown
ET POLICY SMB Remote AT Scheduled Job Create Request - Possible Lateral Movement
sid 2025712 format suricata
et-open trojan-activity
ET POLICY Powershell Command With Hidden Window Argument Over SMB - Likely Lateral Movement
sid 2025720 format suricata
et-open trojan-activity
ET POLICY Powershell Command With Encoded Argument Over SMB - Likely Lateral Movement
sid 2025721 format suricata
et-open trojan-activity
ET POLICY Powershell Command With No Profile Argument Over SMB - Likely Lateral Movement
sid 2025722 format suricata
et-open trojan-activity
ET POLICY Powershell Command With Execution Bypass Argument Over SMB - Likely Lateral Movement
sid 2025723 format suricata
et-open trojan-activity
ET POLICY Powershell Command With NonInteractive Argument Over SMB - Likely Lateral Movement
sid 2025724 format suricata
et-open trojan-activity
ET POLICY RunDll Request Over SMB - Likely Lateral Movement
sid 2025725 format suricata
et-open trojan-activity
ET POLICY WMIC WMI Request Over SMB - Likely Lateral Movement
sid 2025726 format suricata
sid 2026849 format suricata
sid 2026879 format suricata
et-open bad-unknown
ET POLICY Powershell Command With No Profile Argument Over SMB - Likely Lateral Movement
sid 2027169 format suricata
et-open bad-unknown
ET POLICY Powershell Command With Hidden Window Argument Over SMB - Likely Lateral Movement
sid 2027170 format suricata
et-open bad-unknown
ET POLICY Powershell Command With Execution Bypass Argument Over SMB - Likely Lateral Movement
sid 2027171 format suricata
et-open bad-unknown
ET POLICY Powershell Command With Encoded Argument Over SMB - Likely Lateral Movement
sid 2027172 format suricata
et-open bad-unknown
ET POLICY Powershell Command With NonInteractive Argument Over SMB - Likely Lateral Movement
sid 2027173 format suricata
et-open trojan-activity
ET POLICY WMIC WMI Request Over SMB - Likely Lateral Movement
sid 2027180 format suricata
et-open trojan-activity
ET POLICY WMIC WMI Request Over SMB - Likely Lateral Movement
sid 2027181 format suricata
et-open trojan-activity
ET POLICY WMIC WMI Request Over SMB - Likely Lateral Movement
sid 2027182 format suricata
sid 2027189 format suricata
et-open misc-activity
ET INFO Possible Lateral Movement - File Creation Request in Remote System32 Directory (T1105)
sid 2027267 format suricata
et-open command-and-control
ET MALWARE [CISA AA21-291A] Possible BlackMatter Ransomware Lateral Movement
sid 2034225 format suricata
sid 2034866 format suricata
sid 2064622 format suricata
sid 2064623 format suricata
sid 2064624 format suricata
sid 2064625 format suricata
sid 2064626 format suricata
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin