Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

48,683 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity
Using these IDS signatures
Deploy. Load them into a Suricata or Snort sensor and reload the ruleset; the sensor inspects traffic inline or from a tap or SPAN port and alerts (or drops) the moment a packet matches.
Adapt. Set the action per rule (alert vs drop), make sure the sensor actually sees the traffic in question - TLS payloads need decryption first - and silence noisy signatures that do not fit your network.
Scope. These catch malicious patterns on the wire: C2 beacons, exploit attempts, known-bad hosts. Pair them with endpoint and log detection, since encrypted or host-local activity never crosses the sensor.

Rules

50 shown of 48,683
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass DELETE
sid 2005345 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ASCII
sid 2005346 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass UPDATE
sid 2005347 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php SELECT
sid 2005348 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php UNION SELECT
sid 2005349 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php INSERT
sid 2005350 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php DELETE
sid 2005351 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php ASCII
sid 2005352 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php UPDATE
sid 2005353 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid SELECT
sid 2005354 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid UNION SELECT
sid 2005355 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid INSERT
sid 2005356 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid DELETE
sid 2005357 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid ASCII
sid 2005358 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid UPDATE
sid 2005359 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user SELECT
sid 2005360 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user UNION SELECT
sid 2005361 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user INSERT
sid 2005362 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user DELETE
sid 2005363 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user ASCII
sid 2005364 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user UPDATE
sid 2005365 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id SELECT
sid 2005372 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id SELECT
sid 2005378 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id UNION SELECT
sid 2005379 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id INSERT
sid 2005380 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id DELETE
sid 2005381 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id ASCII
sid 2005382 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id UPDATE
sid 2005383 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid SELECT
sid 2005384 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid UNION SELECT
sid 2005385 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid INSERT
sid 2005386 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid DELETE
sid 2005387 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid ASCII
sid 2005388 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid UPDATE
sid 2005389 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php SELECT
sid 2005390 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UNION SELECT
sid 2005391 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php DELETE
sid 2005392 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php ASCII
sid 2005394 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UPDATE
sid 2005395 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php SELECT
sid 2005396 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php UNION SELECT
sid 2005397 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php INSERT
sid 2005398 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php DELETE
sid 2005399 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php ASCII
sid 2005400 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php UPDATE
sid 2005401 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php SELECT
sid 2005402 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UNION SELECT
sid 2005403 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php INSERT
sid 2005404 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php DELETE
sid 2005405 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php ASCII
sid 2005406 format suricata T1190 ↗
Showing 1501-1550 of 48,683
Prev 31 Next
SOC and Response
Detection Engineering
Threat Hunting
Red Team and Pentest
Compliance and GRC
Atlas
Search Tools & malware CWE Package vulns
About
All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh