Turning SQL Injection Detection into a Real SOC Alert
From search to alert
I already had a search that reliably detected SQL injection–style URL parameters like id=, query=, and search=. Instead of modifying it heavily, I kept the logic simple and focused on reliability.
The same detection query was reu...
abishekvengeri.hashnode.dev | 2 min read