Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

48,683 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity
Using these IDS signatures
Deploy. Load them into a Suricata or Snort sensor and reload the ruleset; the sensor inspects traffic inline or from a tap or SPAN port and alerts (or drops) the moment a packet matches.
Adapt. Set the action per rule (alert vs drop), make sure the sensor actually sees the traffic in question - TLS payloads need decryption first - and silence noisy signatures that do not fit your network.
Scope. These catch malicious patterns on the wire: C2 beacons, exploit attempts, known-bad hosts. Pair them with endpoint and log detection, since encrypted or host-local activity never crosses the sensor.

Rules

50 shown of 48,683
et-open web-application-attack
ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP DELETE
sid 2004800 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP ASCII
sid 2004801 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP UPDATE
sid 2004802 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) functions.php SQL Injection via id Parameter (CVE-2007-1122)
sid 2004803 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav SELECT
sid 2004809 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav UNION SELECT
sid 2004810 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav INSERT
sid 2004811 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav DELETE
sid 2004812 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav ASCII
sid 2004813 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav UPDATE
sid 2004815 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category SELECT
sid 2004816 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category UNION SELECT
sid 2004817 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category INSERT
sid 2004818 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category DELETE
sid 2004819 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category ASCII
sid 2004820 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category UPDATE
sid 2004821 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat SELECT
sid 2004822 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat UNION SELECT
sid 2004823 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat INSERT
sid 2004824 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat DELETE
sid 2004825 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat ASCII
sid 2004826 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat UPDATE
sid 2004827 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd SELECT
sid 2004828 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd UNION SELECT
sid 2004829 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd INSERT
sid 2004830 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd DELETE
sid 2004831 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd ASCII
sid 2004832 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd UPDATE
sid 2004833 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id SELECT
sid 2004834 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id UNION SELECT
sid 2004835 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id INSERT
sid 2004836 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id DELETE
sid 2004837 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id UPDATE
sid 2004839 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor SELECT
sid 2004840 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor UNION SELECT
sid 2004841 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor INSERT
sid 2004842 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor DELETE
sid 2004843 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor ASCII
sid 2004844 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor UPDATE
sid 2004845 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id UNION SELECT
sid 2004846 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id INSERT
sid 2004847 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id DELETE
sid 2004848 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id ASCII
sid 2004849 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id UPDATE
sid 2004850 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id SELECT
sid 2004851 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UNION SELECT
sid 2004852 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id INSERT
sid 2004853 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id DELETE
sid 2004854 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id ASCII
sid 2004855 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UPDATE
sid 2004856 format suricata T1190 ↗
Showing 1001-1050 of 48,683
Prev 21 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Detection coverage workspace
Saved stacks
SIEM query builder
Detection rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Ransomware groups
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Detection coverage Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh