I have tried searching the existing questions and discussions and have not really found a complete answer.
I have found in LEM the existing item under groups called "XSS and SQL Injection Vectors". (For some reason it is listed under User Defined Group.
I have created a rule template called "Template: SQL Injection Attempt" and cloned that to a rule called "SQL Injection Attempt". I added a email notification and then enabled the rule.
The thing is I can not tell if it is working correctly. Is there a way to setup a test, or test that rule against last weeks data?