I am curious how you would configure a LEM correlation rule to capture a SQL injection attack? I see that there is a User Defined Group called "XSS and SQL Injection Vectors" but I am not sure exactly how I would build that into a correlation rule. I tried using it in an nDepth search and it generated an error.