Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

48,683 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity
Using these IDS signatures
Deploy. Load them into a Suricata or Snort sensor and reload the ruleset; the sensor inspects traffic inline or from a tap or SPAN port and alerts (or drops) the moment a packet matches.
Adapt. Set the action per rule (alert vs drop), make sure the sensor actually sees the traffic in question - TLS payloads need decryption first - and silence noisy signatures that do not fit your network.
Scope. These catch malicious patterns on the wire: C2 beacons, exploit attempts, known-bad hosts. Pair them with endpoint and log detection, since encrypted or host-local activity never crosses the sensor.

Rules

50 shown of 48,683
et-open web-application-attack
ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id DELETE
sid 2004970 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id ASCII
sid 2004971 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id UPDATE
sid 2004972 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid SELECT
sid 2004979 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid UNION SELECT
sid 2004980 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid INSERT
sid 2004981 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid DELETE
sid 2004982 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid ASCII
sid 2004983 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid UPDATE
sid 2004984 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by SELECT
sid 2004985 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by UNION SELECT
sid 2004986 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by INSERT
sid 2004987 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by DELETE
sid 2004988 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by ASCII
sid 2004989 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by UPDATE
sid 2004990 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order SELECT
sid 2004991 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order UNION SELECT
sid 2004992 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order INSERT
sid 2004993 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order DELETE
sid 2004994 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order ASCII
sid 2004995 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order UPDATE
sid 2004996 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid SELECT
sid 2004997 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UNION SELECT
sid 2004998 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid INSERT
sid 2004999 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid DELETE
sid 2005000 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid ASCII
sid 2005001 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UPDATE
sid 2005002 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp SELECT
sid 2005003 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp UNION SELECT
sid 2005004 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp INSERT
sid 2005005 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp DELETE
sid 2005006 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp ASCII
sid 2005007 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp UPDATE
sid 2005008 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user SELECT
sid 2005009 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user UNION SELECT
sid 2005010 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user INSERT
sid 2005011 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user DELETE
sid 2005012 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user ASCII
sid 2005013 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user UPDATE
sid 2005014 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id SELECT
sid 2005015 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id UNION SELECT
sid 2005016 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id INSERT
sid 2005017 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id DELETE
sid 2005018 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id ASCII
sid 2005019 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id UPDATE
sid 2005020 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user SELECT
sid 2005021 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user UNION SELECT
sid 2005022 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user INSERT
sid 2005023 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user DELETE
sid 2005024 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user ASCII
sid 2005025 format suricata T1190 ↗
Showing 1151-1200 of 48,683
Prev 24 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Detection coverage workspace
Saved stacks
SIEM query builder
Detection rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Ransomware groups
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Detection coverage Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh