Home/Network IDS rules
IDS / IPS

Network IDS rules

52,690 rules · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Ruleset All et-opensnort-community
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity

Rules

50 shown of 52,690
et-open policy-violation
ET P2P Gnutella Connect
sid 2001664 format suricata
et-open misc-attack
ET EXPLOIT Exploit MS05-002 Malformed .ANI stack overflow attack
sid 2001668 format suricata
et-open pup-activity
ET ADWARE_PUP Webhancer Data Post
sid 2001677 format suricata
et-open pup-activity
ET ADWARE_PUP YourSiteBar User-Agent (istsvc)
sid 2001699 format suricata
et-open pup-activity
ET ADWARE_PUP Shop at Home Select Spyware User-Agent (Bundle)
sid 2001702 format suricata T1496 ↗
et-open pup-activity
ET ADWARE_PUP Context Plus Spyware User-Agent (Apropos)
sid 2001703 format suricata
et-open pup-activity
ET ADWARE_PUP Context Plus Spyware Install
sid 2001704 format suricata T1005 ↗
et-open pup-activity
ET ADWARE_PUP Context Plus Spyware User-Agent (Envolo)
sid 2001706 format suricata
et-open pup-activity
ET ADWARE_PUP Shop at Home Select Spyware User-Agent (SAH)
sid 2001707 format suricata T1496 ↗
et-open pup-activity
ET ADWARE_PUP SurfSidekick Activity
sid 2001731 format suricata
et-open pup-activity
ET ADWARE_PUP UCMore Spyware User-Agent (UCmore)
sid 2001736 format suricata
et-open pup-activity
ET ADWARE_PUP Enhance My Search Spyware User-Agent (HelperH)
sid 2001746 format suricata
et-open suspicious-login
ET EXPLOIT Pwdump4 Session Established GetHash port 139
sid 2001753 format suricata
et-open suspicious-login
ET EXPLOIT Pwdump4 Session Established GetHash port 445
sid 2001754 format suricata
et-open pup-activity
ET ADWARE_PUP ABX Toolbar ActiveX Install
sid 2001761 format suricata
et-open web-application-activity
ET WEB_SERVER MSSQL Server OLEDB asp error
sid 2001768 format suricata
et-open pup-activity
ET ADWARE_PUP Media Pass ActiveX Install
sid 2001783 format suricata
et-open policy-violation
ET P2P Kazaa over UDP
sid 2001796 format suricata
et-open policy-violation
ET CHAT ICQ Status Invisible
sid 2001801 format suricata
et-open policy-violation
ET CHAT ICQ Status Change (1)
sid 2001802 format suricata
et-open policy-violation
ET CHAT ICQ Status Change (2)
sid 2001803 format suricata
et-open policy-violation
ET CHAT ICQ Login
sid 2001804 format suricata
et-open policy-violation
ET CHAT ICQ Message
sid 2001805 format suricata
et-open policy-violation
ET P2P Limewire P2P UDP Traffic
sid 2001809 format suricata
et-open misc-activity
ET WEB_CLIENT Encoded javascriptdocument.write - usually hostile
sid 2001811 format suricata
et-open pup-activity
ET ADWARE_PUP Easy Search Bar Spyware User-Agent (ESB)
sid 2001853 format suricata
et-open pup-activity
ET ADWARE_PUP EZULA Spyware User Agent
sid 2001854 format suricata
et-open pup-activity
ET ADWARE_PUP Fun Web Products Spyware User-Agent (FunWebProducts)
sid 2001855 format suricata
et-open pup-activity
ET ADWARE_PUP Hotbar Spyware User-Agent (Hotbar)
sid 2001858 format suricata
et-open pup-activity
ET ADWARE_PUP Fun Web Products Spyware User-Agent (MyWay)
sid 2001864 format suricata
et-open pup-activity
ET ADWARE_PUP MyWebSearch Spyware User-Agent (MyWebSearch)
sid 2001865 format suricata
et-open pup-activity
ET ADWARE_PUP Spyware User-Agent (sureseeker)
sid 2001868 format suricata
et-open pup-activity
ET ADWARE_PUP Spyware User-Agent (Sidesearch)
sid 2001869 format suricata
et-open pup-activity
ET ADWARE_PUP Target Saver Spyware User-Agent (TSA)
sid 2001871 format suricata
et-open pup-activity
ET ADWARE_PUP Visicom Spyware User-Agent (Visicom)
sid 2001872 format suricata
et-open pup-activity
ET ADWARE_PUP ToolbarPartner Spyware Agent Download (1)
sid 2001890 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User Agent (agent)
sid 2001891 format suricata
et-open protocol-command-decode
ET SCAN MYSQL 4.0 brute force root login attempt
sid 2001906 format suricata
et-open network-scan
ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Inbound)
sid 2001972 format suricata
et-open pup-activity
ET ADWARE_PUP SurfSidekick Download
sid 2001992 format suricata
et-open pup-activity
ET ADWARE_PUP UCMore Spyware Reporting
sid 2001995 format suricata
et-open pup-activity
ET ADWARE_PUP UCMore Spyware User-Agent (EI)
sid 2001996 format suricata
et-open pup-activity
ET ADWARE_PUP 180solutions Spyware Keywords Download
sid 2002001 format suricata
et-open pup-activity
ET ADWARE_PUP Better Internet Spyware User-Agent (poller)
sid 2002005 format suricata
et-open pup-activity
ET ADWARE_PUP Grandstreet Interactive Spyware User-Agent (IEP)
sid 2002021 format suricata
et-open misc-activity
ET CHAT IRC USER command
sid 2002023 format suricata
et-open misc-activity
ET CHAT IRC NICK command
sid 2002024 format suricata
et-open misc-activity
ET CHAT IRC JOIN command
sid 2002025 format suricata
et-open misc-activity
ET CHAT IRC PRIVMSG command
sid 2002026 format suricata
et-open misc-activity
ET CHAT IRC PING command
sid 2002027 format suricata
Showing 101-150 of 52,690
Prev 3 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh