· 7 years ago · Dec 10, 2017, 04:22 PM
1# HTTP POST Sqlmap attack
2alert tcp any any -> 192.168.11.2 80 ( \
3msg: "Bank Oceanic HTTP POST Sqlmap attack"; \
4uricontent: "/accounts/loginproc.php"; nocase; \
5content: "POST"; nocase; \
6content: "username"; nocase; \
7threshold: type both, track by_src, count 15, seconds 1; \
8sid:000000005; )