
This app is archived.


SQL Injection Search


Built by Nimish Doshi

Latest Version: 1.1 (May 20, 2014)
Compatibility: Not Available
Support: Not Supported
SQL Injection Search is an application template for searching your events for possible SQL injection. It uses two macros. The first, sqlinjection_pattern(sourcetype, uri query field), looks for patterns in your URI query field to see whether someone has injected SQL statements into it. Because it is difficult to enumerate every SQL pattern that may be used, a second method, suggested by Monzy Merza, is to look for URI query field lengths that lie more than 2.5 standard deviations above the average length. The sqlinjection_stats(sourcetype, uri query field) macro is used to detect this. Simply copy macros.conf from default to the app's local directory and change the macro's where clause to match what is typical of your own web site to find outliers. Combining both macros will help you find possible SQL injection attempts. Read the included README.txt for usage.
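
The two checks described above, sketched in Python over constructed query strings. This is an added example, not the app's macro code: the pattern list, function names and sample data are assumptions, and the cutoff is read as mean length plus 2.5 sample standard deviations.

```python
import re
import statistics
from urllib.parse import unquote_plus

# Illustrative patterns (assumption): the app keeps its own list in macros.conf.
SQLI_PATTERN = re.compile(
    r"\bunion\b.+\bselect\b|'\s*or\s*'|\bor\b\s+\d+\s*=\s*\d+|--|;\s*drop\b",
    re.IGNORECASE,
)

def pattern_hits(queries):
    """Queries whose URL-decoded form matches a known SQL pattern."""
    return [q for q in queries if SQLI_PATTERN.search(unquote_plus(q))]

def length_outliers(queries, k=2.5):
    """Queries longer than mean + k * sample stdev of all query lengths."""
    lengths = [len(q) for q in queries]
    if len(lengths) < 2:
        return []  # stdev is undefined for fewer than two events
    cutoff = statistics.mean(lengths) + k * statistics.stdev(lengths)
    return [q for q in queries if len(q) > cutoff]

def suspects(queries):
    """Union of both checks, in original event order."""
    flagged = set(pattern_hits(queries)) | set(length_outliers(queries))
    return [q for q in queries if q in flagged]

# Constructed sample data: 30 ordinary queries, one short injection attempt,
# and one long percent-encoded blob standing in for a payload that the
# pattern list does not cover.
NORMAL = [f"id={i}&page={i % 5}" for i in range(10, 40)]
SHORT_SQLI = "id=1'+OR+'1'='1"
LONG_ENCODED = "q=" + "%41" * 60
SAMPLE = NORMAL[:15] + [SHORT_SQLI] + NORMAL[15:] + [LONG_ENCODED]

if __name__ == "__main__":
    print("pattern :", pattern_hits(SAMPLE))
    print("length  :", [q[:20] + "..." for q in length_outliers(SAMPLE)])
    print("combined:", len(suspects(SAMPLE)), "of", len(SAMPLE), "events")
```

With fewer than nine events no single length can exceed the mean by 2.5 sample standard deviations, so the length check only produces results over a large enough window of events.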


Type: app
Downloads: 2,937
