Home/Network IDS rules
IDS / IPS

Network IDS rules

52,690 rules · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Ruleset All et-opensnort-community
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity

Rules

50 shown of 52,690
et-open pup-activity
ET ADWARE_PUP Adload.Generic Spyware User-Agent (ProxyDown)
sid 2003639 format suricata
et-open pup-activity
ET ADWARE_PUP Adload.Generic Spyware User-Agent (91castInstallKernel)
sid 2003640 format suricata
et-open trojan-activity
ET MALWARE Generic.Malware.SFL User-Agent (Rescue/9.11)
sid 2003645 format suricata
et-open command-and-control
ET MALWARE Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin
sid 2003646 format suricata
et-open trojan-activity
ET MALWARE Backdoor.Irc.MFV User Agent Detected (IRC-U)
sid 2003647 format suricata
et-open command-and-control
ET MALWARE Dialer-715 Install Checkin
sid 2003650 format suricata
et-open pup-activity
ET ADWARE_PUP Trafficadvance.net Spyware User-Agent (Internet 1.0)
sid 2003655 format suricata
et-open pup-activity
ET ADWARE_PUP debelizombi.com (Rizo) related Spyware User-Agent (mc_v1.2.6)
sid 2003656 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User-Agent (MSIE)
sid 2003657 format suricata
et-open pup-activity
ET ADWARE_PUP qq.com related Spyware User-Agent (QQGame)
sid 2003658 format suricata
et-open misc-attack
ET SCAN ProxyReconBot CONNECT method to Mail
sid 2003869 format suricata
et-open trojan-activity
ET SCAN WebHack Control Center User-Agent Inbound (WHCC/)
sid 2003924 format suricata
et-open trojan-activity
ET USER_AGENTS Suspicious User-Agent (HTTPTEST) - Seen used by downloaders
sid 2003927 format suricata
et-open pup-activity
ET ADWARE_PUP Mirar Bar Spyware User-Agent (Mbar)
sid 2003928 format suricata
et-open trojan-activity
ET MALWARE Banker.Delf User-Agent (Ms)
sid 2003933 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id UNION SELECT
sid 2004000 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id INSERT
sid 2004001 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id DELETE
sid 2004002 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id ASCII
sid 2004003 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id UPDATE
sid 2004004 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id SELECT
sid 2004005 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id UNION SELECT
sid 2004006 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id INSERT
sid 2004007 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id DELETE
sid 2004008 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id ASCII
sid 2004009 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id UPDATE
sid 2004010 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie SELECT
sid 2004011 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UNION SELECT
sid 2004012 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie INSERT
sid 2004013 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie DELETE
sid 2004014 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie ASCII
sid 2004015 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UPDATE
sid 2004016 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style SELECT
sid 2004023 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style UNION SELECT
sid 2004024 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style INSERT
sid 2004025 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style DELETE
sid 2004026 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style ASCII
sid 2004027 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style UPDATE
sid 2004028 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue SELECT
sid 2004029 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue UNION SELECT
sid 2004030 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue INSERT
sid 2004031 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue DELETE
sid 2004032 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue ASCII
sid 2004033 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue UPDATE
sid 2004034 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT
sid 2004035 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UNION SELECT
sid 2004036 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php INSERT
sid 2004037 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php DELETE
sid 2004038 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII
sid 2004039 format suricata T1190 ↗
et-open web-application-attack
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UPDATE
sid 2004040 format suricata T1190 ↗
Showing 351-400 of 52,690
Prev 8 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh