Hi Byrona,
There is actually a sql injection rule already in place within LEM. Basically the rule analyzes web traffic from firewalls, ids/ips, and other devices looking for those injection vectors within the list. Let me know if you need more info on this.
Thanks!
Gretchen