Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

48,683 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity
Using these IDS signatures
Deploy. Load them into a Suricata or Snort sensor and reload the ruleset; the sensor inspects traffic inline or from a tap or SPAN port and alerts (or drops) the moment a packet matches.
Adapt. Set the action per rule (alert vs drop), make sure the sensor actually sees the traffic in question - TLS payloads need decryption first - and silence noisy signatures that do not fit your network.
Scope. These catch malicious patterns on the wire: C2 beacons, exploit attempts, known-bad hosts. Pair them with endpoint and log detection, since encrypted or host-local activity never crosses the sensor.

Rules

50 shown of 48,683
et-open web-application-attack
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website UNION SELECT
sid 2004512 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website INSERT
sid 2004513 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website DELETE
sid 2004514 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website ASCII
sid 2004515 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website UPDATE
sid 2004516 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message SELECT
sid 2004517 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message UNION SELECT
sid 2004518 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message INSERT
sid 2004519 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message DELETE
sid 2004520 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message ASCII
sid 2004521 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message UPDATE
sid 2004522 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country SELECT
sid 2004523 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country UNION SELECT
sid 2004524 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country INSERT
sid 2004525 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country DELETE
sid 2004526 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country ASCII
sid 2004527 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country UPDATE
sid 2004528 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id SELECT
sid 2004529 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id UNION SELECT
sid 2004530 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id INSERT
sid 2004531 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id DELETE
sid 2004532 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id ASCII
sid 2004533 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id UPDATE
sid 2004534 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id SELECT
sid 2004535 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id UNION SELECT
sid 2004536 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id INSERT
sid 2004537 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id DELETE
sid 2004538 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id ASCII
sid 2004539 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id UPDATE
sid 2004540 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid SELECT
sid 2004541 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UNION SELECT
sid 2004542 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid INSERT
sid 2004543 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid DELETE
sid 2004544 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ASCII
sid 2004545 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UPDATE
sid 2004546 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id SELECT
sid 2004547 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id INSERT
sid 2004548 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id DELETE
sid 2004549 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id ASCII
sid 2004550 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id UPDATE
sid 2004551 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php SELECT
sid 2004600 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UNION SELECT
sid 2004601 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php INSERT
sid 2004602 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php DELETE
sid 2004603 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php ASCII
sid 2004604 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UPDATE
sid 2004605 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete SELECT
sid 2004612 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete UNION SELECT
sid 2004613 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete INSERT
sid 2004614 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete DELETE
sid 2004615 format suricata T1190 ↗
Showing 801-850 of 48,683
Prev 17 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Detection rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Ransomware groups
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh