Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

48,683 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity

Rules

50 shown of 48,683
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHPNuke general SQL injection attempt
sid 2001202 format suricata T1190 ↗
et-open attempted-recon
ET SCAN Potential SSH Scan
sid 2001219 format suricata
et-open pup-activity
ET ADWARE_PUP Regnow.com Access
sid 2001223 format suricata
et-open not-suspicious
ET POLICY Cisco Device in Config Mode
sid 2001239 format suricata
et-open not-suspicious
ET POLICY Cisco Device New Config Built
sid 2001240 format suricata
et-open policy-violation
ET CHAT Yahoo IM voicechat
sid 2001254 format suricata
et-open policy-violation
ET CHAT Yahoo IM file transfer request
sid 2001259 format suricata
et-open successful-admin
ET POLICY Dameware Remote Control Service Install
sid 2001294 format suricata
et-open policy-violation
ET P2P eDonkey Server Status Request
sid 2001298 format suricata
et-open pup-activity
ET ADWARE_PUP Gator/Clarian Agent
sid 2001306 format suricata
et-open pup-activity
ET ADWARE_PUP Webhancer Data Upload
sid 2001317 format suricata
et-open pup-activity
ET ADWARE_PUP Websearch.com Spyware
sid 2001325 format suricata
et-open misc-activity
ET INFO RDP - Response To External Host
sid 2001330 format suricata
et-open pup-activity
ET ADWARE_PUP Ezula Install .exe
sid 2001334 format suricata
et-open pup-activity
ET ADWARE_PUP BInet Information Upload
sid 2001339 format suricata
et-open pup-activity
ET ADWARE_PUP ISearchTech.com XXXPornToolbar Activity (2)
sid 2001395 format suricata
et-open pup-activity
ET ADWARE_PUP E2give Related Downloading Code
sid 2001418 format suricata
et-open policy-violation
ET CHAT Yahoo IM Unavailable Status
sid 2001427 format suricata
et-open pup-activity
ET ADWARE_PUP MediaTickets Download
sid 2001448 format suricata
et-open pup-activity
ET ADWARE_PUP Xpire.info Spyware Install Reporting
sid 2001472 format suricata T1005 ↗
et-open pup-activity
ET ADWARE_PUP Searchmeup Spyware Install (prog)
sid 2001474 format suricata T1005 ↗
et-open pup-activity
ET ADWARE_PUP Searchmeup Spyware Receiving Commands
sid 2001475 format suricata
et-open pup-activity
ET ADWARE_PUP Searchmeup Spyware Install (systime)
sid 2001480 format suricata T1005 ↗
et-open pup-activity
ET ADWARE_PUP Searchmeup Spyware Install (mstask)
sid 2001483 format suricata T1005 ↗
et-open pup-activity
ET ADWARE_PUP Tibsystems Spyware Download
sid 2001488 format suricata
et-open pup-activity
ET ADWARE_PUP ISearchTech.com XXXPornToolbar Activity (IST)
sid 2001493 format suricata
et-open pup-activity
ET ADWARE_PUP Clickspring.net Spyware Reporting Successful Install
sid 2001494 format suricata
et-open pup-activity
ET ADWARE_PUP Outerinfo.com Spyware Advertising Campaign Download
sid 2001496 format suricata
et-open pup-activity
ET ADWARE_PUP Outerinfo.com Spyware Activity
sid 2001497 format suricata
et-open pup-activity
ET ADWARE_PUP Internet Optimizer Activity User-Agent (IOKernel)
sid 2001498 format suricata
et-open pup-activity
ET ADWARE_PUP Look2me Spyware Activity (1)
sid 2001499 format suricata
et-open pup-activity
ET ADWARE_PUP Clickspring.net Spyware Reporting
sid 2001500 format suricata
et-open pup-activity
ET ADWARE_PUP Searchmiracle.com Spyware Installer silent.exe Download
sid 2001533 format suricata T1005 ↗
et-open pup-activity
ET ADWARE_PUP Searchmiracle.com Spyware Install (silent_install)
sid 2001534 format suricata T1005 ↗
et-open pup-activity
ET ADWARE_PUP Searchmiracle.com Spyware Install (protector.exe)
sid 2001535 format suricata T1005 ↗
et-open misc-activity
ET EXPLOIT NTDump Session Established Reg-Entry port 445
sid 2001543 format suricata
et-open misc-activity
ET EXPLOIT NTDump.exe Service Started port 445
sid 2001544 format suricata
et-open policy-violation
ET ADWARE_PUP Suspected PUP/PUA User-Agent (OSSProxy)
sid 2001562 format suricata
et-open policy-violation
ET ADWARE_PUP PUP/PUA OSSProxy HTTP Header
sid 2001564 format suricata
et-open pup-activity
ET ADWARE_PUP BInet Information Install Report
sid 2001576 format suricata
et-open misc-activity
ET SCAN Behavioral Unusual Port 137 traffic Potential Scan or Infection
sid 2001580 format suricata
et-open misc-activity
ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection
sid 2001581 format suricata
et-open misc-activity
ET SCAN Behavioral Unusual Port 1434 traffic Potential Scan or Infection
sid 2001582 format suricata
et-open misc-activity
ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
sid 2001583 format suricata
et-open policy-violation
ET CHAT Skype VOIP Checking Version (Startup)
sid 2001595 format suricata
et-open policy-violation
ET POLICY Netop Remote Control Usage
sid 2001597 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Zone-H.org defacement notification
sid 2001616 format suricata
et-open web-application-attack
ET ACTIVEX winhlp32 ActiveX control attack - phase 1
sid 2001622 format suricata
et-open web-application-attack
ET ACTIVEX winhlp32 ActiveX control attack - phase 2
sid 2001623 format suricata
et-open web-application-attack
ET ACTIVEX winhlp32 ActiveX control attack - phase 3
sid 2001624 format suricata
Showing 51-100 of 48,683
Prev 2 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Ransomware groups
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh