
Summary
AWS WAF Managed SQL Database Passthrough Rule is a high-severity detection that monitors AWS WAF logs for matches against the AWS managed SQLi rule set. It flags HTTP requests that trigger AWS-AWSManagedRulesSQLiRuleSet and/or carry ruleGroupList entries such as SQLi_QUERYARGUMENTS, SQLi_COOKIE, and SQLiExtendedPatterns_BODY, covering SQL injection indicators in the URI path, query arguments, request body, and cookies. The rule is designed to detect extended SQLi patterns not covered by the Core Rule Set, and it handles both terminating (BLOCK) actions and non-terminating (COUNT) matches. It maps detections to MITRE ATT&CK TA0001:T1190 (SQL Injection). The rule's tests cover blocked and counted hits across these groupings, including query arguments, cookies, and extended body patterns, as well as cases with non-triggering rule groups and normal traffic.
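The matching described above can be sketched as follows. This is an added example, not the rule's own logic: field names follow the AWS WAF log schema, the `SQLi` rule-ID prefix test is an assumption, and the log records are constructed.

```python
import json

SQLI_RULE_SET = "AWS-AWSManagedRulesSQLiRuleSet"  # identifier named on this page
SQLI_PREFIX = "SQLi"  # assumption: matches SQLi_* and SQLiExtendedPatterns_* rule IDs

def sqli_matches(event):
    """Return sorted (ruleId, action) pairs for SQLi rules matched in one WAF record."""
    hits = set()
    for group in event.get("ruleGroupList") or []:
        # terminatingRule is null when the group only counted or did not match
        rules = [group.get("terminatingRule") or {}]
        rules += group.get("nonTerminatingMatchingRules") or []
        for rule in rules:
            rule_id = rule.get("ruleId") or ""
            if rule_id.startswith(SQLI_PREFIX):
                hits.add((rule_id, rule.get("action", "UNKNOWN")))
    # Fall back to the top-level terminating rule when no per-rule detail is logged
    if not hits and event.get("terminatingRuleId") == SQLI_RULE_SET:
        hits.add((SQLI_RULE_SET, event.get("action", "UNKNOWN")))
    return sorted(hits)

def triage(lines):
    """Parse JSON-lines WAF logs and return one finding per record with SQLi matches."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        hits = sqli_matches(event)
        if hits:
            req = event.get("httpRequest") or {}
            findings.append({"clientIp": req.get("clientIp"), "uri": req.get("uri"), "matches": hits})
    return findings

# Constructed sample records (not real traffic), trimmed to the fields used above
_GROUP = "AWS#AWSManagedRulesSQLiRuleSet"
SAMPLE_LOGS = [
    json.dumps({"action": "BLOCK", "terminatingRuleId": SQLI_RULE_SET,
                "httpRequest": {"clientIp": "192.0.2.10", "uri": "/search"},
                "ruleGroupList": [{"ruleGroupId": _GROUP, "terminatingRule": {"ruleId": "SQLi_QUERYARGUMENTS", "action": "BLOCK"}, "nonTerminatingMatchingRules": []}]}),
    json.dumps({"action": "ALLOW", "terminatingRuleId": "Default_Action",
                "httpRequest": {"clientIp": "198.51.100.7", "uri": "/login"},
                "ruleGroupList": [{"ruleGroupId": _GROUP, "terminatingRule": None, "nonTerminatingMatchingRules": [
                    {"ruleId": "SQLi_COOKIE", "action": "COUNT"}, {"ruleId": "SQLiExtendedPatterns_BODY", "action": "COUNT"}]}]}),
    json.dumps({"action": "ALLOW", "terminatingRuleId": "Default_Action", "httpRequest": {"clientIp": "203.0.113.5", "uri": "/"},
                "ruleGroupList": [{"ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", "terminatingRule": None, "nonTerminatingMatchingRules": []}]}),
    '{"action": "BLOCK", "termin',  # truncated line, skipped by triage()
]
```

Calling `triage(SAMPLE_LOGS)` returns two findings: the blocked query-argument hit and the counted cookie and body hits that the web ACL otherwise allowed through.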
Categories
- Web
Data Sources
- Network Traffic
ATT&CK Techniques
- T1190
Created: 2026-03-31