

Use the searches in this Analytic Story to help you detect structured query language (SQL) injection attempts characterized by long URLs that contain malicious parameters.

  • Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
  • Datamodel: Web
  • Last Updated: 2017-09-19
  • Author: Bhavin Patel, Splunk
  • ID: 4f6632f5-449c-4686-80df-57625f59bab3


It is very common for attackers to inject SQL parameters into vulnerable web applications, which then interpret the malicious SQL statements. This Analytic Story contains a search designed to identify attempts by attackers to leverage this technique to compromise a host and gain a foothold in the target environment.


| Name | Technique | Type |
|------|-----------|------|
| SQL Injection with Long URLs | Exploit Public-Facing Application | TTP |
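A minimal sketch of the heuristic this story describes (unusually long URLs whose parameters carry SQL), added here as an example; it is not the Splunk search from this Analytic Story. The thresholds, the fragment list and the event field names are assumptions, and the sample events are constructed.

```python
import re
from urllib.parse import quote_plus, unquote_plus, urlsplit

# Assumed thresholds for this example; baseline them against your own traffic.
URL_LENGTH_THRESHOLD = 1024  # characters in the raw URL
SQL_TOKEN_THRESHOLD = 3      # distinct SQL fragments in the decoded query

# Illustrative fragments, matched case-insensitively after URL-decoding.
SQL_FRAGMENTS = {name: re.compile(rx, re.I) for name, rx in {
    "union_select": r"\bunion\s+(?:all\s+)?select\b",
    "select_from": r"\bselect\b.+?\bfrom\b",
    "information_schema": r"\binformation_schema\b",
    "insert_into": r"\binsert\s+into\b",
    "drop_table": r"\bdrop\s+table\b",
    "comment_terminator": r"(?:--|/\*)",
}.items()}

def decode_query(url, max_rounds=3):
    """Return the query string, decoded repeatedly to undo nested encoding."""
    query = urlsplit(url).query
    for _ in range(max_rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query

def score_event(event):
    """Score one web event (dict with 'src' and 'url'; field names assumed)."""
    url = event["url"]
    hits = sorted(n for n, rx in SQL_FRAGMENTS.items() if rx.search(decode_query(url)))
    suspicious = len(url) > URL_LENGTH_THRESHOLD and len(hits) >= SQL_TOKEN_THRESHOLD
    return {"src": event["src"], "url_length": len(url),
            "sql_hits": hits, "suspicious": suspicious}

def detect(events):
    """Return scored records for events that are both long and SQL-heavy."""
    return [r for r in map(score_event, events) if r["suspicious"]]

# Constructed sample events (not real traffic); addresses are documentation ranges.
PAYLOAD = "1 UNION ALL SELECT table_name, NULL FROM information_schema.tables -- "
SAMPLE_EVENTS = [
    {"src": "198.51.100.7", "url": "/item?id=" + quote_plus(PAYLOAD) + "&pad=" + "A" * 1100},
    {"src": "198.51.100.8",  # same parameter, URL-encoded twice
     "url": "/item?id=" + quote_plus(quote_plus(PAYLOAD)) + "&pad=" + "A" * 1100},
    {"src": "192.0.2.10", "url": "/report?blob=" + "B" * 1500},  # long, no SQL
    {"src": "192.0.2.11", "url": "/search?q=" + quote_plus("select a plan from the union catalog")},
]

if __name__ == "__main__":
    for record in detect(SAMPLE_EVENTS):
        print(record["src"], record["url_length"], record["sql_hits"])
```

Requiring both conditions keeps long but benign URLs and short queries that merely contain SQL-like words out of the results; the repeated decoding catches parameters that were encoded more than once.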


Version: 1