Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

48,683 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity
Using these IDS signatures
Deploy. Load them into a Suricata or Snort sensor and reload the ruleset; the sensor inspects traffic inline or from a tap or SPAN port and alerts (or drops) the moment a packet matches.
Adapt. Set the action per rule (alert vs drop), make sure the sensor actually sees the traffic in question - TLS payloads need decryption first - and silence noisy signatures that do not fit your network.
Scope. These catch malicious patterns on the wire: C2 beacons, exploit attempts, known-bad hosts. Pair them with endpoint and log detection, since encrypted or host-local activity never crosses the sensor.

Rules

50 shown of 48,683
et-open web-application-attack
ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat ASCII
sid 2005589 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat UPDATE
sid 2005590 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id SELECT
sid 2005591 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id UNION SELECT
sid 2005592 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id INSERT
sid 2005593 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id DELETE
sid 2005594 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id ASCII
sid 2005595 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id UPDATE
sid 2005596 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id SELECT
sid 2005597 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id UNION SELECT
sid 2005598 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id INSERT
sid 2005599 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id DELETE
sid 2005600 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id ASCII
sid 2005601 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id UPDATE
sid 2005602 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id SELECT
sid 2005603 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id UNION SELECT
sid 2005604 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id INSERT
sid 2005605 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id DELETE
sid 2005606 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id ASCII
sid 2005607 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id UPDATE
sid 2005608 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder SELECT
sid 2005609 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder UNION SELECT
sid 2005610 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder INSERT
sid 2005611 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder DELETE
sid 2005612 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder ASCII
sid 2005613 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder UPDATE
sid 2005614 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid SELECT
sid 2005615 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid UNION SELECT
sid 2005616 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid INSERT
sid 2005617 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid DELETE
sid 2005618 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid ASCII
sid 2005619 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid UPDATE
sid 2005620 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid SELECT
sid 2005621 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid UNION SELECT
sid 2005622 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid INSERT
sid 2005623 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid DELETE
sid 2005624 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid ASCII
sid 2005625 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid UPDATE
sid 2005626 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid SELECT
sid 2005627 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid UNION SELECT
sid 2005628 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid INSERT
sid 2005629 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid DELETE
sid 2005630 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid ASCII
sid 2005631 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid UPDATE
sid 2005632 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid SELECT
sid 2005633 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid UNION SELECT
sid 2005634 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid INSERT
sid 2005635 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid DELETE
sid 2005636 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid ASCII
sid 2005637 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid UPDATE
sid 2005638 format suricata T1190 ↗
Showing 1701-1750 of 48,683
Prev 35 Next
SOC and Response
Detection Engineering
Threat Hunting
Red Team and Pentest
Compliance and GRC
About
threatengine.sh