Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

1,966 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity

Rules

50 shown of 1,966
et-open attempted-admin
ET WEB_CLIENT Apple Quicktime RTSP Overflow (1)
sid 2003326 format suricata
et-open attempted-admin
ET WEB_CLIENT Apple Quicktime RTSP Overflow (2)
sid 2003327 format suricata
et-open attempted-admin
ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack
sid 2006546 format suricata
et-open attempted-admin
ET WEB_SERVER Possible SQL Injection (varchar) in HTTP URI
sid 2008175 format suricata T1190 ↗
et-open attempted-admin
ET WEB_SERVER Possible SQL Injection (exec) in HTTP URI
sid 2008176 format suricata T1190 ↗
et-open attempted-admin
ET WEB_SERVER Possible SQL Injection Attempt Danmec related (declare) in HTTP URI
sid 2008467 format suricata T1190 ↗
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (1)
sid 2008690 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (2)
sid 2008691 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (3)
sid 2008692 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (4)
sid 2008693 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5)
sid 2008694 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (7)
sid 2008696 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (8)
sid 2008697 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9)
sid 2008698 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (10)
sid 2008699 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance
sid 2008700 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11)
sid 2008701 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12)
sid 2008702 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (13)
sid 2008703 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14)
sid 2008704 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15)
sid 2008705 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (16)
sid 2008706 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (17)
sid 2008707 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (18)
sid 2008708 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (19)
sid 2008709 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (20)
sid 2008710 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22)
sid 2008712 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23)
sid 2008713 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (24)
sid 2008714 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25)
sid 2008715 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (27)
sid 2008717 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (28)
sid 2008718 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (29)
sid 2008719 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (30)
sid 2008720 format suricata
et-open attempted-admin
ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2)
sid 2008721 format suricata
et-open attempted-admin
ET TELNET External Telnet Attempt To Cisco Device With No Telnet Password Set (Automatically Dissalowed Until Password Set)
sid 2008860 format suricata
et-open attempted-admin
ET POLICY Dlink Soho Router Config Page Access Attempt
sid 2008942 format suricata
et-open attempted-admin
ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop
sid 2009028 format suricata
et-open attempted-admin
ET SCAN SQLNinja Attempt To Recreate xp_cmdshell Using sp_configure
sid 2009043 format suricata
et-open attempted-admin
ET SCAN SQLNinja Attempt To Create xp_cmdshell Session
sid 2009044 format suricata
et-open attempted-admin
ET SCAN Tomcat admin-admin login credentials
sid 2009217 format suricata
et-open attempted-admin
ET SCAN Tomcat admin-blank login credentials
sid 2009218 format suricata
et-open attempted-admin
ET HUNTING Suspicious Chmod Usage in URI (Inbound)
sid 2009363 format suricata
et-open attempted-admin
ET POLICY PPTP Requester is not authorized to establish a command channel
sid 2009387 format suricata
et-open attempted-admin
ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt
sid 2009678 format suricata
et-open attempted-admin
ET WEB_SERVER Possible 3Com OfficeConnect Router Default User Account Remote Command Execution Attempt
sid 2010159 format suricata
et-open attempted-admin
ET EXPLOIT Possible Oracle Database Text Component ctxsys.drvxtabc.create_tables Remote SQL Injection Attempt
sid 2010375 format suricata T1190 ↗
et-open attempted-admin
ET WEB_SPECIFIC_APPS e107 CMS backdoor access admin-access cookie and HTTP POST
sid 2010719 format suricata
et-open attempted-admin
ET SNMP Attempted UDP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String ILMI
sid 2011011 format suricata
et-open attempted-admin
ET SNMP Attempted UDP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String cable-docsis
sid 2011013 format suricata
Showing 1-50 of 1,966
Prev 1 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Ransomware groups
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh