[Bro] [bro] SQL InjectionVictim

Tim Desrochers tgdesrochers at gmail.com
Sat Sep 17 06:30:05 PDT 2016

I seem to get a lot of notices for SQL Injection Victim with the Address
field as an external IP, a lot of times Amazon, or another large host.  Why
is this finding "Victims" that are not in my internal network as defined in

Is there a way get this to only send notices when an internal host has an
SQL attack?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160917/8da11a0e/attachment-0001.html 

More information about the Bro mailing list