Home/Network IDS rules
IDS / IPS

Network IDS rules

1,353 rules · linked to T1572 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 1,353
et-open policy-violation
ET POLICY Observed SSL Cert (DoH Service)
sid 2029051 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain (dns .alidns .com in TLS SNI)
sid 2034912 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns2 .dns-ga .de)
sid 2043338 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (nebula .sly .io)
sid 2043339 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .rotunneling .net)
sid 2043340 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (secure .avastdns .com)
sid 2043341 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (lindung .pp .ua)
sid 2043342 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (tuic .salome .my .id)
sid 2043423 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (doh .ubd .ac .id)
sid 2043424 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns-family .esegece .com)
sid 2043425 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (safe .kswro .web .id)
sid 2043426 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .5ososea .com)
sid 2043427 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (anggityuls .my .id)
sid 2043428 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (soay38us0r7goa7 .cmsdp .my .id)
sid 2043429 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .esegece .com)
sid 2043430 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (rdns .faelix .net)
sid 2043431 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (opennic .i2pd .xyz)
sid 2043432 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (doh .sb)
sid 2043433 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .gnb09 .id)
sid 2043434 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (kswro .web .id)
sid 2043435 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .spil .co .id)
sid 2043436 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .vmath .my .id)
sid 2043437 format suricata
et-open misc-activity
ET INFO Observed DNS Over HTTPS Domain in TLS SNI (d .apemlegit .my .id)
sid 2043438 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .aws .ketan .dev)
sid 2043460 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .porteii .com)
sid 2043461 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .d365 .in)
sid 2043462 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (q3i6k7j3 .stackpathcdn .com)
sid 2043463 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (bilidon .dnsuser .info)
sid 2043464 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .rodovatech .com)
sid 2043465 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (surt .ml)
sid 2043466 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .d96 .info)
sid 2043467 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .dessoi .cloud)
sid 2043468 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguardh .ga)
sid 2043469 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .betamax65 .de)
sid 2043470 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (home .marcrnt .de)
sid 2043471 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (2 .11i .eu)
sid 2043472 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .kr .chavy .dev)
sid 2043473 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (whax .eu .org)
sid 2043474 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .siry .de)
sid 2043475 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (ads-eu .landgame .net)
sid 2043476 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (hooliganska .duckdns .org)
sid 2043477 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .opnsource .com .au)
sid 2043478 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (yovbak .com)
sid 2043479 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .depieri .net)
sid 2043480 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .privilab .net)
sid 2043481 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .aman .ltd)
sid 2043482 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (sbdns .co .in)
sid 2043483 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (kr .pigs .eu .org)
sid 2043484 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (mrcapslock .ir)
sid 2043485 format suricata
et-open misc-activity
ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ofdoom .net)
sid 2043486 format suricata
Showing 1-50 of 1,353
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin