Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

48,683 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity
Using these IDS signatures
Deploy. Load them into a Suricata or Snort sensor and reload the ruleset; the sensor inspects traffic inline or from a tap or SPAN port and alerts (or drops) the moment a packet matches.
Adapt. Set the action per rule (alert vs drop), make sure the sensor actually sees the traffic in question - TLS payloads need decryption first - and silence noisy signatures that do not fit your network.
Scope. These catch malicious patterns on the wire: C2 beacons, exploit attempts, known-bad hosts. Pair them with endpoint and log detection, since encrypted or host-local activity never crosses the sensor.

Rules

50 shown of 48,683
et-open web-application-attack
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board INSERT
sid 2005288 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board DELETE
sid 2005289 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board ASCII
sid 2005290 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UPDATE
sid 2005291 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid SELECT
sid 2005292 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid UNION SELECT
sid 2005293 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid INSERT
sid 2005294 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid DELETE
sid 2005295 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid ASCII
sid 2005296 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid UPDATE
sid 2005297 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id SELECT
sid 2005298 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id UNION SELECT
sid 2005299 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id INSERT
sid 2005300 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id DELETE
sid 2005301 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id ASCII
sid 2005302 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id UPDATE
sid 2005303 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft SELECT
sid 2005304 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft UNION SELECT
sid 2005305 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft INSERT
sid 2005306 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft DELETE
sid 2005307 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft ASCII
sid 2005308 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft UPDATE
sid 2005309 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay SELECT
sid 2005310 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ASCII
sid 2005311 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID UNION SELECT
sid 2005312 format suricata T1190 ↗
et-open pup-activity
ET ADWARE_PUP Statblaster.com Spyware User-Agent (fetcher)
sid 2005318 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User-Agent (MyAgent)
sid 2005320 format suricata
et-open pup-activity
ET ADWARE_PUP NavExcel Spyware User-Agent (NavHelper)
sid 2005321 format suricata
et-open pup-activity
ET ADWARE_PUP Spylocked Fake Anti-Spyware User-Agent (SpyLocked)
sid 2005322 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php SELECT
sid 2005324 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php UNION SELECT
sid 2005325 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php INSERT
sid 2005326 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php DELETE
sid 2005327 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php ASCII
sid 2005328 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php UPDATE
sid 2005329 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic SELECT
sid 2005330 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic UNION SELECT
sid 2005331 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic INSERT
sid 2005332 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic DELETE
sid 2005333 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic ASCII
sid 2005334 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic UPDATE
sid 2005335 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template SELECT
sid 2005336 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template UNION SELECT
sid 2005337 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template INSERT
sid 2005338 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template DELETE
sid 2005339 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template ASCII
sid 2005340 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template UPDATE
sid 2005341 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass SELECT
sid 2005342 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass UNION SELECT
sid 2005343 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass INSERT
sid 2005344 format suricata T1190 ↗
Showing 1451-1500 of 48,683
Prev 30 Next
SOC and Response
Detection Engineering
Threat Hunting
Red Team and Pentest
Compliance and GRC
Atlas
Search Tools & malware CWE Package vulns
About
All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh