pip install requests
python scripts/agent.py --log-file /var/log/modsec_audit.log --format modsecurity --output sqli_report.json
Rule 942100 triggered: SQL Injection Attack Detected via libinjection
URI: /api/users?id=1' UNION SELECT username,password FROM users--
Source IP: 203.0.113.42 (47 requests in 5 minutes)
Classification: UNION-based SQLi campaign