Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

48,683 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity
Using these IDS signatures
Deploy. Load them into a Suricata or Snort sensor and reload the ruleset; the sensor inspects traffic inline or from a tap or SPAN port and alerts (or drops) the moment a packet matches.
Adapt. Set the action per rule (alert vs drop), make sure the sensor actually sees the traffic in question - TLS payloads need decryption first - and silence noisy signatures that do not fit your network.
Scope. These catch malicious patterns on the wire: C2 beacons, exploit attempts, known-bad hosts. Pair them with endpoint and log detection, since encrypted or host-local activity never crosses the sensor.

Rules

50 shown of 48,683
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID INSERT
sid 2005689 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID DELETE
sid 2005690 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID ASCII
sid 2005691 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID UPDATE
sid 2005692 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID SELECT
sid 2005693 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID UNION SELECT
sid 2005694 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID INSERT
sid 2005695 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID DELETE
sid 2005696 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID ASCII
sid 2005697 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID UPDATE
sid 2005698 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat SELECT
sid 2005699 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat UNION SELECT
sid 2005700 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat INSERT
sid 2005701 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat DELETE
sid 2005702 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat ASCII
sid 2005703 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat UPDATE
sid 2005704 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat SELECT
sid 2005705 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat UNION SELECT
sid 2005706 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat INSERT
sid 2005707 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat DELETE
sid 2005708 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat ASCII
sid 2005709 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat UPDATE
sid 2005710 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat SELECT
sid 2005711 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat UNION SELECT
sid 2005712 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat INSERT
sid 2005713 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat DELETE
sid 2005714 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat ASCII
sid 2005715 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat UPDATE
sid 2005716 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword SELECT
sid 2005717 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword UNION SELECT
sid 2005718 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword INSERT
sid 2005719 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword DELETE
sid 2005720 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword ASCII
sid 2005721 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword UPDATE
sid 2005722 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area SELECT
sid 2005723 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area UNION SELECT
sid 2005724 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area INSERT
sid 2005725 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area DELETE
sid 2005726 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area ASCII
sid 2005727 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area UPDATE
sid 2005728 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area SELECT
sid 2005729 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area UNION SELECT
sid 2005730 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area INSERT
sid 2005731 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area DELETE
sid 2005732 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area ASCII
sid 2005733 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area UPDATE
sid 2005734 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin SELECT
sid 2005735 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin UNION SELECT
sid 2005736 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin INSERT
sid 2005738 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin DELETE
sid 2005739 format suricata T1190 ↗
Showing 1801-1850 of 48,683
Prev 37 Next
SOC and Response
Detection Engineering
Threat Hunting
Red Team and Pentest
Compliance and GRC
About
threatengine.sh