Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

48,683 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity
Using these IDS signatures
Deploy. Load them into a Suricata or Snort sensor and reload the ruleset; the sensor inspects traffic inline or from a tap or SPAN port and alerts (or drops) the moment a packet matches.
Adapt. Set the action per rule (alert vs drop), make sure the sensor actually sees the traffic in question - TLS payloads need decryption first - and silence noisy signatures that do not fit your network.
Scope. These catch malicious patterns on the wire: C2 beacons, exploit attempts, known-bad hosts. Pair them with endpoint and log detection, since encrypted or host-local activity never crosses the sensor.

Rules

50 shown of 48,683
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UPDATE
sid 2005407 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php SELECT
sid 2005408 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php UNION SELECT
sid 2005409 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php INSERT
sid 2005410 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php DELETE
sid 2005411 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php ASCII
sid 2005412 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php UPDATE
sid 2005413 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php SELECT
sid 2005414 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php UNION SELECT
sid 2005415 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php INSERT
sid 2005416 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php DELETE
sid 2005417 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php ASCII
sid 2005418 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php UPDATE
sid 2005419 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where SELECT
sid 2005420 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where UNION SELECT
sid 2005421 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where INSERT
sid 2005422 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where DELETE
sid 2005423 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where ASCII
sid 2005424 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where UPDATE
sid 2005425 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where SELECT
sid 2005426 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where UNION SELECT
sid 2005427 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where INSERT
sid 2005428 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where DELETE
sid 2005429 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where ASCII
sid 2005430 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where UPDATE
sid 2005431 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text SELECT
sid 2005432 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text UNION SELECT
sid 2005433 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text INSERT
sid 2005434 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text DELETE
sid 2005435 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text ASCII
sid 2005436 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text UPDATE
sid 2005437 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text SELECT
sid 2005438 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text UNION SELECT
sid 2005439 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text INSERT
sid 2005440 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text DELETE
sid 2005441 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text ASCII
sid 2005442 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text UPDATE
sid 2005443 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text SELECT
sid 2005444 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text UNION SELECT
sid 2005445 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text INSERT
sid 2005446 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text DELETE
sid 2005447 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text ASCII
sid 2005448 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text UPDATE
sid 2005449 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email SELECT
sid 2005450 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email UNION SELECT
sid 2005451 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email INSERT
sid 2005452 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email DELETE
sid 2005453 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email ASCII
sid 2005454 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email UPDATE
sid 2005455 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active SELECT
sid 2005456 format suricata T1190 ↗
Showing 1551-1600 of 48,683
Prev 32 Next
SOC and Response
Detection Engineering
Threat Hunting
Red Team and Pentest
Compliance and GRC
Atlas
Search Tools & malware CWE Package vulns
About
All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh