{ "timestamp": "2026-06-06T11:09:44.300+0000", "rule": { "level": 6, "description": "SQL injection attempt detected.", "id": "31103", "groups": ["web", "attack", "sql_injection"], "mitre": {"id": ["T1190"], "tactic": ["Initial Access"], "technique": ["Exploit Public-Facing Application"]} }, "agent": {"id": "002", "name": "web-app-prod"}, "data": {"srcip": "198.51.100.77", "url": "/produits.php?id=1%27%20OR%20%271%27%3D%271"}, "full_log": "198.51.100.77 - - [06/Jun/2026:11:09:44] \"GET /produits.php?id=1' OR '1'='1 HTTP/1.1\" 200 5123" }