[Oisf-users] SQL Injection detection

Jason Williams jwilliams at emergingthreats.net
Mon Apr 10 18:27:37 UTC 2017


A quick grep of the ETPRO signature set shows almost 4800 active SQL signatures
for various web applications and attack methods.

Many SQL injection signatures are also present within the ET OPEN/GPL
rulesets. I would recommend running a pcap with the traffic you are
interested in detecting against the ET OPEN rules (
https://rules.emergingthreats.net/open/). If you find that attacks are not
covered, please feel free to reach out with a pcap to the Emerging Threats
community list (https://lists.emergingthreats.net/mailman/listinfo) and we
will do our very best to get the malicious traffic covered for you and put
it in the ET OPEN ruleset for all to benefit from.

Thanks!

Jason Williams
Emerging Threats / Proofpoint

On Mon, Apr 10, 2017 at 12:21 PM, Yasha Zislin <coolyasha at hotmail.com>
wrote:

> Hi,
>
>
> With ETpro default ruleset, can Suricata detect SQL injection scan/attack
> which would be performed with Kali's SQLMAP?
>
>
> Thanks.
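The coverage check recommended in the reply above (replay a pcap against the ET OPEN rules, then see what did not alert), as an added example that is not part of the original thread: it reads Suricata's eve.json from such a replay and lists the HTTP requests whose flow raised no alert. The sample lines, signature names and SIDs are constructed placeholders, and it assumes HTTP logging is enabled in the eve output.

```python
import json
from collections import Counter

# eve.json would come from a replay such as:
#   suricata -r capture.pcap -S <ET OPEN rules file> -l out/
# The lines below are constructed for this example (not real Suricata
# output); signature names and SIDs are placeholders, not actual ET rules.
SAMPLE_EVE = """\
{"event_type":"http","flow_id":101,"http":{"hostname":"shop.example","url":"/item.php?id=1%20UNION%20SELECT%201,2"}}
{"event_type":"alert","flow_id":101,"alert":{"signature_id":9000001,"signature":"PLACEHOLDER SQLi UNION SELECT in URI"}}
{"event_type":"http","flow_id":102,"http":{"hostname":"shop.example","url":"/item.php?id=1%20AND%20SLEEP(5)"}}
{"event_type":"http","flow_id":103,"http":{"hostname":"shop.example","url":"/search.php?q=1'%20OR%20'1'='1"}}
{"event_type":"alert","flow_id":103,"alert":{"signature_id":9000002,"signature":"PLACEHOLDER SQLi OR 1=1 in URI"}}
{"event_type":"alert","flow_id":103,"alert":{"signature_id":9000002,"signature":"PLACEHOLDER SQLi OR 1=1 in URI"}}
not-json-truncated-line
"""

def coverage(eve_text):
    """Return (alert count per signature, HTTP requests in flows with no alert)."""
    hits = Counter()
    alerted_flows = set()
    requests = []
    for line in eve_text.splitlines():
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(ev, dict):
            continue
        kind = ev.get("event_type")
        if kind == "alert":
            alert = ev.get("alert", {})
            hits[(alert.get("signature_id"), alert.get("signature"))] += 1
            alerted_flows.add(ev.get("flow_id"))
        elif kind == "http":
            http = ev.get("http", {})
            requests.append((ev.get("flow_id"), http.get("hostname"), http.get("url")))
    # Requests in flows that never alerted are the candidates to review and,
    # if malicious, to send to the Emerging Threats list together with the pcap.
    uncovered = [r for r in requests if r[0] not in alerted_flows]
    return hits, uncovered

if __name__ == "__main__":
    hits, uncovered = coverage(SAMPLE_EVE)
    for (sid, name), count in hits.most_common():
        print(f"{count:4d}  {sid}  {name}")
    for flow_id, host, url in uncovered:
        print(f"no alert: flow {flow_id} {host}{url}")
```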