<div dir="ltr">A quick grep of the ETPRO signature set shows almost 4800 active SQL signatures for various web applications and attack methods.<div><br></div><div>Many SQL injection signatures are also present within the ET OPEN/GPL rulesets. I would recommend running a pcap with the traffic you are interested in detecting against the ET OPEN rules (<a href="https://rules.emergingthreats.net/open/">https://rules.emergingthreats.net/open/</a>). If you find that attacks are not covered, please feel free to reach out with a pcap to the Emerging Threats community list (<a href="https://lists.emergingthreats.net/mailman/listinfo">https://lists.emergingthreats.net/mailman/listinfo</a>) and we will do our very best to get the malicious traffic covered for you and put it in the ET OPEN ruleset for all to benefit from.</div><div><br></div><div>Thanks!</div><div><br></div><div>Jason Williams</div><div>Emerging Threats / Proofpoint</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 10, 2017 at 12:21 PM, Yasha Zislin <span dir="ltr"><<a href="mailto:coolyasha@hotmail.com" target="_blank">coolyasha@hotmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div id="m_6391497277581688566divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif" dir="ltr">
<p>Hi,</p>
<p><br>
</p>
<p>With ETpro default ruleset, can Suricata detect SQL injection scan/attack which would be performed with Kali's SQLMAP?</p>
<p><br>
</p>
<p>Thanks.</p>
</div>
</div>
<br>______________________________<wbr>_________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@<wbr>openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/<wbr>support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-users</a><br>
<br></blockquote></div><br></div>
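<p>One way to carry out the coverage check suggested in the reply above, as an added example that is not part of the original thread or of any Emerging Threats tooling: replay the pcap through Suricata offline, then list which HTTP requests drew an SQL-related alert and which drew none. The file paths in the comment, the function name <code>sql_coverage</code> and the sample records (including the placeholder signature and sid) are assumptions made for illustration.</p>

```python
import json
from collections import defaultdict

# Assumed replay step (paths are placeholders):
#   suricata -r capture.pcap -S et-open.rules -l out/
# then feed out/eve.json to sql_coverage().

# Constructed eve.json sample (not real traffic). The signature name and sid
# are placeholders, not actual ET rules.
SAMPLE_EVE = """\
{"event_type":"http","flow_id":101,"http":{"hostname":"app.example","url":"/item.php?id=1%20UNION%20ALL%20SELECT%20NULL--"}}
{"event_type":"alert","flow_id":101,"alert":{"signature_id":9000001,"signature":"PLACEHOLDER SQL Injection UNION SELECT in URI"}}
{"event_type":"http","flow_id":102,"http":{"hostname":"app.example","url":"/item.php?id=1%20AND%20SLEEP(5)"}}
not-json debris from a truncated write
{"event_type":"http","flow_id":103,"http":{"hostname":"app.example","url":"/index.php"}}
"""


def sql_coverage(eve_text, keyword="sql"):
    """Return HTTP requests with and without a matching alert in their flow."""
    sids_by_flow = defaultdict(set)
    requests = []  # (flow_id, url) in capture order
    for line in eve_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # eve.json can end in a partially written line
        if not isinstance(event, dict):
            continue
        kind = event.get("event_type")
        if kind == "alert":
            alert = event.get("alert", {})
            if keyword in alert.get("signature", "").lower():
                sids_by_flow[event.get("flow_id")].add(alert.get("signature_id"))
        elif kind == "http":
            requests.append((event.get("flow_id"), event.get("http", {}).get("url", "")))
    covered, uncovered = {}, []
    for flow_id, url in requests:
        # Flow-level matching is coarse: on a keep-alive connection one alert
        # marks every request in that flow as covered.
        if flow_id in sids_by_flow:
            covered[url] = sorted(sids_by_flow[flow_id])
        else:
            uncovered.append(url)
    return {"covered": covered, "uncovered": uncovered}


if __name__ == "__main__":
    report = sql_coverage(SAMPLE_EVE)
    print("covered:", report["covered"])
    print("no SQL alert (review before reporting):", report["uncovered"])
```

<p>Requests listed without an alert still need manual review, since a replayed capture usually contains benign requests as well.</p>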