Home/Network IDS rules
IDS / IPS

Network IDS rules

52,690 rules · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Ruleset All et-opensnort-community
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity

Rules

50 shown of 52,690
et-open trojan-activity
ET P2P Phatbot Control Connection
sid 2000015 format suricata
et-open attempted-user
ET WEB_SERVER SQL sp_password attempt
sid 2000105 format suricata
et-open attempted-user
ET WEB_SERVER SQL sp_delete_alert attempt
sid 2000106 format suricata
et-open misc-activity
ET POLICY Outbound Multiple Non-SMTP Server Emails
sid 2000328 format suricata
et-open policy-violation
ET P2P ed2k request part
sid 2000332 format suricata
et-open policy-violation
ET P2P ed2k file request answer
sid 2000333 format suricata
et-open policy-violation
ET P2P BitTorrent peer sync
sid 2000334 format suricata
et-open misc-activity
ET INFO IRC Nick change on non-standard port
sid 2000345 format suricata
et-open trojan-activity
ET MALWARE IRC Private message on non-standard port
sid 2000347 format suricata
et-open unusual-client-port-connection
ET POLICY IRC Channel JOIN on non-standard port
sid 2000348 format suricata
et-open non-standard-protocol
ET POLICY IRC DCC file transfer request on non-std port
sid 2000349 format suricata
et-open policy-violation
ET MALWARE IRC DCC chat request on non-standard port
sid 2000350 format suricata
et-open policy-violation
ET MALWARE IRC Channel join on non-standard port
sid 2000351 format suricata
et-open policy-violation
ET MALWARE IRC DNS request on non-standard port
sid 2000352 format suricata
et-open misc-activity
ET CHAT IRC authorization message
sid 2000355 format suricata
et-open policy-violation
ET P2P BitTorrent Traffic
sid 2000357 format suricata
et-open policy-violation
ET P2P BitTorrent Announce
sid 2000369 format suricata
et-open policy-violation
ET POLICY Executable and linking format (ELF) file download
sid 2000418 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access COM1
sid 2000499 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access COM2
sid 2000500 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access COM3
sid 2000501 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access COM4
sid 2000502 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access LPT1
sid 2000503 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access LPT2
sid 2000504 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access LPT3
sid 2000505 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access LPT4
sid 2000506 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access AUX
sid 2000507 format suricata
et-open string-detect
ET ATTACK_RESPONSE FTP inaccessible directory access NULL
sid 2000508 format suricata
et-open misc-attack
ET EXPLOIT Pwdump3e Password Hash Retrieval port 445
sid 2000563 format suricata
et-open misc-attack
ET EXPLOIT Pwdump3e pwservice.exe Access port 445
sid 2000564 format suricata
et-open suspicious-login
ET EXPLOIT Pwdump3e Session Established Reg-Entry port 139
sid 2000565 format suricata
et-open suspicious-login
ET EXPLOIT Pwdump3e Session Established Reg-Entry port 445
sid 2000566 format suricata
et-open misc-attack
ET EXPLOIT Pwdump3e pwservice.exe Access port 139
sid 2000567 format suricata
et-open misc-attack
ET EXPLOIT Pwdump3e Password Hash Retrieval port 139
sid 2000568 format suricata
et-open policy-violation
ET POLICY AOL Webmail Message Send
sid 2000571 format suricata
et-open misc-activity
ET SCAN ICMP PING IPTools
sid 2000575 format suricata
et-open pup-activity
ET ADWARE_PUP Ezula Related User-Agent (mez)
sid 2000586 format suricata
et-open pup-activity
ET ADWARE_PUP Gator/Claria Data Submission
sid 2000596 format suricata
et-open pup-activity
ET ADWARE_PUP Keenvalue Update Engine
sid 2000932 format suricata
et-open pup-activity
ET ADWARE_PUP Casino on Net Reporting Data
sid 2001031 format suricata
et-open policy-violation
ET P2P Morpheus Install
sid 2001035 format suricata
et-open policy-violation
ET P2P Morpheus Install ini Download
sid 2001036 format suricata
et-open policy-violation
ET P2P Morpheus Update Request
sid 2001037 format suricata
et-open misc-activity
ET EXPLOIT NTDump Session Established Reg-Entry port 139
sid 2001052 format suricata
et-open misc-activity
ET EXPLOIT NTDump.exe Service Started port 139
sid 2001053 format suricata
et-open policy-violation
ET P2P Ares traffic
sid 2001059 format suricata
et-open policy-violation
ET P2P Soulseek Filesearch Results
sid 2001187 format suricata
et-open policy-violation
ET P2P Soulseek
sid 2001188 format suricata
et-open misc-activity
ET EXPLOIT libPNG - Possible integer overflow in allocation in png_handle_sPLT
sid 2001195 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS PHPNuke SQL injection attempt
sid 2001197 format suricata T1190 ↗
Showing 1-50 of 52,690
Prev 1 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh