Home/Network IDS rules
IDS / IPS

Network IDS rules

10,907 rules · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Ruleset All et-opensnort-community
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity

Rules

50 shown of 10,907
et-open trojan-activity
ET P2P Phatbot Control Connection
sid 2000015 format suricata
et-open trojan-activity
ET MALWARE IRC Private message on non-standard port
sid 2000347 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Zone-H.org defacement notification
sid 2001616 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User Agent (agent)
sid 2001891 format suricata
et-open trojan-activity
ET MALWARE IRC Channel topic scan/exploit command
sid 2002029 format suricata
et-open trojan-activity
ET MALWARE IRC Potential bot scan/exploit command
sid 2002030 format suricata
et-open trojan-activity
ET MALWARE IRC potential reptile commands
sid 2002363 format suricata
et-open trojan-activity
ET MALWARE IRC potential bot commands
sid 2002384 format suricata
et-open trojan-activity
ET MALWARE IRC channel topic misc bot commands
sid 2002386 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
sid 2002400 format suricata
et-open trojan-activity
ET MALWARE Torpig Reporting User Activity (x25)
sid 2002762 format suricata
et-open trojan-activity
ET MALWARE Dumador Reporting User Activity
sid 2002763 format suricata
et-open trojan-activity
ET MALWARE Haxdoor Reporting User Activity
sid 2002790 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Hostile FTP Server Banner (StnyFtpd)
sid 2002809 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Hostile FTP Server Banner (Reptile)
sid 2002810 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Hostile FTP Server Banner (Bot Server)
sid 2002811 format suricata
et-open trojan-activity
ET USER_AGENTS Metafisher/Goldun User-Agent (z)
sid 2002874 format suricata
et-open trojan-activity
ET MALWARE Haxdoor Reporting User Activity 2
sid 2002929 format suricata
et-open trojan-activity
ET MALWARE Banker.Delf Infection - Sending Initial Email to Owner
sid 2002976 format suricata
et-open trojan-activity
ET MALWARE Banload Downloader Infection - Sending initial email to owner
sid 2002977 format suricata
et-open trojan-activity
ET MALWARE SC-KeyLog Keylogger Installed - Sending Initial Email Report
sid 2002979 format suricata
et-open trojan-activity
ET MALWARE Banker.Delf Infection variant 4 - Sending Initial Email to Owner
sid 2002981 format suricata
et-open trojan-activity
ET MALWARE Torpig Reporting User Activity (wur8)
sid 2003066 format suricata
et-open trojan-activity
ET MALWARE Win32.Lager Trojan Reporting
sid 2003188 format suricata
et-open trojan-activity
ET MALWARE Win32.Lager Trojan Reporting (gcu)
sid 2003189 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19 etc)
sid 2003380 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Unusual FTP Server Banner (warFTPd)
sid 2003464 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Unusual FTP Server Banner (freeFTPd)
sid 2003465 format suricata
et-open trojan-activity
ET MALWARE Downloader-5265/Torpig/Anserin/Sinowal Unique UA (MSID)
sid 2003590 format suricata
et-open trojan-activity
ET MALWARE W32.Virut.A joining an IRC Channel
sid 2003603 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User-Agent outbound (bot)
sid 2003622 format suricata
et-open trojan-activity
ET MALWARE Zlob User Agent - updating (internetsecurity)
sid 2003632 format suricata
et-open trojan-activity
ET MALWARE Suspicious User Agent Detected (RookIE) - Common with Downloaders
sid 2003635 format suricata
et-open trojan-activity
ET MALWARE Generic.Malware.SFL User-Agent (Rescue/9.11)
sid 2003645 format suricata
et-open trojan-activity
ET MALWARE Backdoor.Irc.MFV User Agent Detected (IRC-U)
sid 2003647 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User-Agent (MSIE)
sid 2003657 format suricata
et-open trojan-activity
ET SCAN WebHack Control Center User-Agent Inbound (WHCC/)
sid 2003924 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User-Agent (HTTPTEST) - Seen used by downloaders
sid 2003927 format suricata
et-open trojan-activity
ET MALWARE Banker.Delf User-Agent (Ms)
sid 2003933 format suricata
et-open trojan-activity
ET MALWARE Banload User-Agent Detected (ExampleDL)
sid 2004440 format suricata
et-open trojan-activity
ET MALWARE Banker.Delf User-Agent (hhh)
sid 2004442 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User-Agent (MyAgent)
sid 2005320 format suricata
et-open trojan-activity
ET USER_AGENTS Dialer-967 User-Agent
sid 2006364 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User-Agent (MYURL)
sid 2006365 format suricata
et-open trojan-activity
ET P2P BearShare P2P Gnutella Client User-Agent (BearShare 6.x.x.x)
sid 2006371 format suricata
et-open trojan-activity
ET P2P Bittorrent P2P Client User-Agent (Bittorrent/5.x.x)
sid 2006372 format suricata
et-open trojan-activity
ET P2P Bittorrent P2P Client HTTP Request
sid 2006375 format suricata
et-open trojan-activity
ET P2P BearShare P2P Gnutella Client HTTP Request
sid 2006379 format suricata
et-open trojan-activity
ET USER_AGENTS Downloader User-Agent Detected (Windows Updates Manager|3.12|...)
sid 2006387 format suricata
et-open trojan-activity
ET MALWARE Poebot Related User Agent (SPM_ID=)
sid 2006391 format suricata
Showing 1-50 of 10,907
Prev 1 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh