Network IDS rules

Home/Network IDS rules

IDS / IPS

52,690 rules · Snort / Suricata signatures

Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.

◈

Rules

50 shown of 52,690

et-open misc-activity

ET CHAT IRC PONG response

sid 2002028 format suricata

et-open trojan-activity

ET MALWARE IRC Channel topic scan/exploit command

sid 2002029 format suricata

et-open trojan-activity

ET MALWARE IRC Potential bot scan/exploit command

sid 2002030 format suricata

et-open successful-recon-limited

ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style)

sid 2002034 format suricata

et-open pup-activity

ET ADWARE_PUP Shopathomeselect .com Spyware User-Agent (WebDownloader)

sid 2002038 format suricata T1496 ↗

et-open misc-activity

ET USER_AGENTS SideStep User-Agent

sid 2002078 format suricata

et-open misc-activity

ET POLICY Inbound Frequent Emails - Possible Spambot Inbound

sid 2002087 format suricata

et-open pup-activity

ET ADWARE_PUP yupsearch.com Spyware Install - protector.exe

sid 2002092 format suricata T1005 ↗

et-open pup-activity

ET ADWARE_PUP yupsearch.com Spyware Install - sideb.exe

sid 2002098 format suricata T1005 ↗

et-open policy-violation

ET GAMES Guild Wars connection

sid 2002154 format suricata

et-open policy-violation

ET CHAT Skype User-Agent detected

sid 2002157 format suricata

et-open pup-activity

ET ADWARE_PUP CoolWebSearch Spyware (Feat)

sid 2002160 format suricata

et-open misc-activity

ET POLICY Wise Solutions Install Reporting via HTTP - User Agent (Wise)

sid 2002167 format suricata

et-open pup-activity

ET ADWARE_PUP Casalemedia Spyware Reporting URL Visited 2

sid 2002196 format suricata

et-open policy-violation

ET CHAT Google Talk (Jabber) Client Login

sid 2002327 format suricata

et-open policy-violation

ET POLICY Google Talk TLS Client Traffic

sid 2002330 format suricata

et-open policy-violation

ET CHAT Google IM traffic Jabber client sign-on

sid 2002334 format suricata

et-open trojan-activity

ET MALWARE IRC potential reptile commands

sid 2002363 format suricata

et-open web-application-activity

ET WEB_SPECIFIC_APPS Miva Merchant Cross Site Scripting Attack

sid 2002371 format suricata

et-open unsuccessful-user

ET SCAN Potential FTP Brute-Force attempt response

sid 2002383 format suricata

et-open trojan-activity

ET MALWARE IRC potential bot commands

sid 2002384 format suricata

et-open trojan-activity

ET MALWARE IRC channel topic misc bot commands

sid 2002386 format suricata

et-open pup-activity

ET ADWARE_PUP Miva User-Agent (TPSystem)

sid 2002395 format suricata

et-open pup-activity

ET ADWARE_PUP Miva Spyware User-Agent (Travel Update)

sid 2002396 format suricata

et-open trojan-activity

ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)

sid 2002400 format suricata

et-open pup-activity

ET ADWARE_PUP Spyware Related User-Agent (UtilMind HTTPGet)

sid 2002402 format suricata

et-open pup-activity

ET ADWARE_PUP Context Plus User-Agent (PTS)

sid 2002403 format suricata

et-open pup-activity

ET ADWARE_PUP Internet Optimizer User-Agent (ROGUE)

sid 2002405 format suricata

et-open policy-violation

ET CHAT Yahoo IM Client Install

sid 2002659 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS e107 resetcore.php SQL Injection attempt

sid 2002663 format suricata T1190 ↗

et-open attempted-recon

ET SCAN Nessus User Agent

sid 2002664 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS Galerie ShowGallery.php SQL Injection attempt

sid 2002671 format suricata T1190 ↗

et-open web-application-attack

ET SCAN Nikto Web App Scan in Progress

sid 2002677 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS Cyphor show.php SQL injection attempt

sid 2002678 format suricata T1190 ↗

et-open pup-activity

ET ADWARE_PUP iframebiz - loadadv***.exe

sid 2002710 format suricata

et-open pup-activity

ET ADWARE_PUP Zenotecnico Adware 2

sid 2002735 format suricata

et-open pup-activity

ET ADWARE_PUP Zenotecnico Spyware Install Report

sid 2002737 format suricata T1005 ↗

et-open pup-activity

ET ADWARE_PUP iDownloadAgent Spyware User-Agent (iDownloadAgent)

sid 2002739 format suricata

et-open policy-violation

ET P2P GnucDNA UDP Ultrapeer Traffic

sid 2002760 format suricata

et-open policy-violation

ET P2P Gnutella TCP Ultrapeer Traffic

sid 2002761 format suricata

et-open trojan-activity

ET MALWARE Torpig Reporting User Activity (x25)

sid 2002762 format suricata

et-open trojan-activity

ET MALWARE Dumador Reporting User Activity

sid 2002763 format suricata

et-open trojan-activity

ET MALWARE Haxdoor Reporting User Activity

sid 2002790 format suricata

et-open policy-violation

ET POLICY Google Desktop User-Agent Detected

sid 2002801 format suricata

et-open trojan-activity

ET ATTACK_RESPONSE Hostile FTP Server Banner (StnyFtpd)

sid 2002809 format suricata

et-open trojan-activity

ET ATTACK_RESPONSE Hostile FTP Server Banner (Reptile)

sid 2002810 format suricata

et-open trojan-activity

ET ATTACK_RESPONSE Hostile FTP Server Banner (Bot Server)

sid 2002811 format suricata

et-open policy-violation

ET P2P Direct Connect Traffic (client-server)

sid 2002814 format suricata

et-open attempted-recon

ET POLICY Possible Web Crawl using Wget

sid 2002823 format suricata

et-open attempted-recon

ET POLICY POSSIBLE Web Crawl using Curl

sid 2002825 format suricata

Showing 151-200 of 52,690

Prev 4 Next