Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

48,683 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity
Using these IDS signatures
Deploy. Load them into a Suricata or Snort sensor and reload the ruleset; the sensor inspects traffic inline or from a tap or SPAN port and alerts (or drops) the moment a packet matches.
Adapt. Set the action per rule (alert vs drop), make sure the sensor actually sees the traffic in question - TLS payloads need decryption first - and silence noisy signatures that do not fit your network.
Scope. These catch malicious patterns on the wire: C2 beacons, exploit attempts, known-bad hosts. Pair them with endpoint and log detection, since encrypted or host-local activity never crosses the sensor.

Rules

50 shown of 48,683
et-open web-application-attack
ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid ASCII
sid 2004323 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid UPDATE
sid 2004324 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang SELECT
sid 2004325 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang UNION SELECT
sid 2004326 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang INSERT
sid 2004327 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang DELETE
sid 2004328 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang ASCII
sid 2004329 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang UPDATE
sid 2004330 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout SELECT
sid 2004331 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout UNION SELECT
sid 2004332 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout INSERT
sid 2004333 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout DELETE
sid 2004334 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout ASCII
sid 2004335 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout UPDATE
sid 2004336 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author SELECT
sid 2004337 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author UNION SELECT
sid 2004338 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author INSERT
sid 2004339 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author DELETE
sid 2004340 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author ASCII
sid 2004341 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author UPDATE
sid 2004342 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id SELECT
sid 2004343 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id UNION SELECT
sid 2004344 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id INSERT
sid 2004345 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id DELETE
sid 2004346 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id ASCII
sid 2004347 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id UPDATE
sid 2004348 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id SELECT
sid 2004349 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id UNION SELECT
sid 2004350 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id INSERT
sid 2004351 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id DELETE
sid 2004352 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id ASCII
sid 2004353 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id UPDATE
sid 2004354 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id SELECT
sid 2004355 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id UNION SELECT
sid 2004356 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id INSERT
sid 2004357 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id DELETE
sid 2004358 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id ASCII
sid 2004359 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id UPDATE
sid 2004360 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id SELECT
sid 2004361 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id UNION SELECT
sid 2004362 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id INSERT
sid 2004363 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id DELETE
sid 2004364 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id ASCII
sid 2004365 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id UPDATE
sid 2004366 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url SELECT
sid 2004367 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url UNION SELECT
sid 2004368 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url INSERT
sid 2004369 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url DELETE
sid 2004370 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url ASCII
sid 2004371 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url UPDATE
sid 2004372 format suricata T1190 ↗
Showing 651-700 of 48,683
Prev 14 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Detection coverage workspace
Saved stacks
SIEM query builder
Detection rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Ransomware groups
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Detection coverage Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh