Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

48,683 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity
Using these IDS signatures
Deploy. Load them into a Suricata or Snort sensor and reload the ruleset; the sensor inspects traffic inline or from a tap or SPAN port and alerts (or drops) the moment a packet matches.
Adapt. Set the action per rule (alert vs drop), make sure the sensor actually sees the traffic in question - TLS payloads need decryption first - and silence noisy signatures that do not fit your network.
Scope. These catch malicious patterns on the wire: C2 beacons, exploit attempts, known-bad hosts. Pair them with endpoint and log detection, since encrypted or host-local activity never crosses the sensor.

Rules

50 shown of 48,683
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname DELETE
sid 2005910 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname ASCII
sid 2005911 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname UPDATE
sid 2005912 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite SELECT
sid 2005913 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite UNION SELECT
sid 2005914 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite INSERT
sid 2005915 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite DELETE
sid 2005916 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite ASCII
sid 2005917 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite UPDATE
sid 2005918 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail SELECT
sid 2005919 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail UNION SELECT
sid 2005920 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail INSERT
sid 2005921 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail DELETE
sid 2005922 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail ASCII
sid 2005923 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail UPDATE
sid 2005924 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did SELECT
sid 2005925 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did UNION SELECT
sid 2005926 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did INSERT
sid 2005927 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did DELETE
sid 2005928 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did ASCII
sid 2005929 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did UPDATE
sid 2005930 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid SELECT
sid 2005931 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid UNION SELECT
sid 2005932 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid INSERT
sid 2005933 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid DELETE
sid 2005934 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid ASCII
sid 2005935 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid UPDATE
sid 2005936 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate SELECT
sid 2005937 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate UNION SELECT
sid 2005938 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate INSERT
sid 2005939 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate DELETE
sid 2005940 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate ASCII
sid 2005941 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate UPDATE
sid 2005942 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp SELECT
sid 2005943 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp UNION SELECT
sid 2005944 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp INSERT
sid 2005945 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp DELETE
sid 2005946 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp ASCII
sid 2005947 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp UPDATE
sid 2005948 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key SELECT
sid 2005949 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key UNION SELECT
sid 2005950 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key INSERT
sid 2005951 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key DELETE
sid 2005952 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key ASCII
sid 2005953 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key UPDATE
sid 2005954 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num SELECT
sid 2005955 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num UNION SELECT
sid 2005956 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num INSERT
sid 2005957 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num DELETE
sid 2005958 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num ASCII
sid 2005959 format suricata T1190 ↗
Showing 2001-2050 of 48,683
Prev 41 Next
SOC and Response
Detection Engineering
Threat Hunting
Red Team and Pentest
Compliance and GRC
About
threatengine.sh