Home/Network IDS rules
IDS / IPS

Network IDS rules

4,007 rules · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Ruleset All et-opensnort-community
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity

Rules

50 shown of 4,007
snort-community misc-activity
MALWARE-BACKDOOR - Dagger_1.4.0
sid 105 format snort
snort-community misc-activity
MALWARE-BACKDOOR QAZ Worm Client Login access
sid 108 format snort
snort-community trojan-activity
MALWARE-BACKDOOR netbus getinfo
sid 110 format snort
snort-community trojan-activity
MALWARE-BACKDOOR NetBus Pro 2.0 connection established
sid 115 format snort
snort-community misc-activity
MALWARE-BACKDOOR Infector.1.x
sid 117 format snort
snort-community trojan-activity
MALWARE-BACKDOOR SatansBackdoor.2.0.Beta
sid 118 format snort
snort-community misc-activity
MALWARE-BACKDOOR Doly 2.0 access
sid 119 format snort
snort-community misc-activity
MALWARE-BACKDOOR Infector 1.6 Client to Server Connection Request
sid 121 format snort
snort-community misc-activity
MALWARE-BACKDOOR HackAttack 1.20 Connect
sid 141 format snort
snort-community suspicious-login
PROTOCOL-FTP ADMw0rm ftp login attempt
sid 144 format snort
snort-community trojan-activity
MALWARE-BACKDOOR NetSphere access
sid 146 format snort
snort-community trojan-activity
MALWARE-BACKDOOR GateCrasher
sid 147 format snort
snort-community misc-activity
MALWARE-BACKDOOR BackConstruction 2.1 Connection
sid 152 format snort
snort-community misc-activity
MALWARE-BACKDOOR BackConstruction 2.1 Client FTP Open Request
sid 157 format snort
snort-community misc-activity
MALWARE-BACKDOOR BackConstruction 2.1 Server FTP Open Reply
sid 158 format snort
snort-community misc-activity
MALWARE-BACKDOOR Matrix 2.0 Client connect
sid 161 format snort
snort-community misc-activity
MALWARE-BACKDOOR Matrix 2.0 Server access
sid 162 format snort
snort-community misc-activity
MALWARE-BACKDOOR WinCrash 1.0 Server Active
sid 163 format snort
snort-community misc-activity
MALWARE-BACKDOOR CDK
sid 185 format snort
snort-community trojan-activity
MALWARE-BACKDOOR DeepThroat 3.1 Server Response
sid 195 format snort
snort-community trojan-activity
MALWARE-BACKDOOR PhaseZero Server Active on Network
sid 208 format snort
snort-community attempted-admin
MALWARE-BACKDOOR w00w00 attempt
sid 209 format snort
snort-community attempted-admin
MALWARE-BACKDOOR attempt
sid 210 format snort
snort-community attempted-admin
MALWARE-BACKDOOR MISC r00t attempt
sid 211 format snort
snort-community attempted-admin
MALWARE-BACKDOOR MISC rewt attempt
sid 212 format snort
snort-community attempted-admin
MALWARE-BACKDOOR MISC Linux rootkit attempt
sid 213 format snort
snort-community attempted-admin
MALWARE-BACKDOOR MISC Linux rootkit attempt lrkr0x
sid 214 format snort
snort-community attempted-admin
MALWARE-BACKDOOR MISC Linux rootkit attempt
sid 215 format snort
snort-community attempted-admin
MALWARE-BACKDOOR MISC Linux rootkit satori attempt
sid 216 format snort
snort-community attempted-admin
MALWARE-BACKDOOR MISC sm4ck attempt
sid 217 format snort
snort-community attempted-user
MALWARE-BACKDOOR MISC Solaris 2.5 attempt
sid 218 format snort
snort-community misc-activity
MALWARE-BACKDOOR HidePak backdoor attempt
sid 219 format snort
snort-community misc-activity
MALWARE-BACKDOOR HideSource backdoor attempt
sid 220 format snort
snort-community attempted-dos
PROTOCOL-ICMP TFN Probe
sid 221 format snort
snort-community attempted-dos
PROTOCOL-ICMP tfn2k icmp possible communication
sid 222 format snort
snort-community attempted-dos
MALWARE-OTHER Trin00 Daemon to Master PONG message detected
sid 223 format snort
snort-community attempted-dos
PROTOCOL-ICMP Stacheldraht server spoof
sid 224 format snort
snort-community attempted-dos
PROTOCOL-ICMP Stacheldraht gag server response
sid 225 format snort
snort-community attempted-dos
PROTOCOL-ICMP Stacheldraht server response
sid 226 format snort
snort-community attempted-dos
PROTOCOL-ICMP Stacheldraht client spoofworks
sid 227 format snort
snort-community attempted-dos
PROTOCOL-ICMP TFN client command BE
sid 228 format snort
snort-community attempted-dos
PROTOCOL-ICMP Stacheldraht client check skillz
sid 229 format snort
snort-community attempted-dos
MALWARE-OTHER shaft client login to handler
sid 230 format snort
snort-community attempted-dos
MALWARE-OTHER Trin00 Daemon to Master message detected
sid 231 format snort
snort-community attempted-dos
MALWARE-OTHER Trin00 Daemon to Master *HELLO* message detected
sid 232 format snort
snort-community attempted-dos
MALWARE-OTHER Trin00 Attacker to Master default startup password
sid 233 format snort
snort-community attempted-dos
MALWARE-OTHER Trin00 Attacker to Master default password
sid 234 format snort
snort-community attempted-dos
MALWARE-OTHER Trin00 Attacker to Master default mdie password
sid 235 format snort
snort-community attempted-dos
PROTOCOL-ICMP Stacheldraht client check gag
sid 236 format snort
snort-community attempted-dos
MALWARE-OTHER Trin00 Master to Daemon default password attempt
sid 237 format snort
Showing 1-50 of 4,007
Prev 1 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh