diff --git a/policy/http/detect.bro b/policy/http/detect-sqli.bro similarity index 80% rename from policy/http/detect.bro rename to policy/http/detect-sqli.bro index 611887e99d..8945405ea8 100644 --- a/policy/http/detect.bro +++ b/policy/http/detect-sqli.bro @@ -1,24 +1,25 @@ -## Behavioral and scripted detections in HTTP. +##! SQL injection detection in HTTP. + @load http/base @load notice module HTTP; redef enum Notice::Type += { - HTTP_SQL_Injection_Request, + SQL_Injection_Attack, +}; + +redef enum Tags += { + ## Indicator of a URI based SQL injection attack. + URI_SQLI, + ## Indicator of client body based SQL injection attack. This is + ## typically the body content of a POST request. Not implemented yet! + POST_SQLI, + ## Indicator of a cookie based SQL injection attack. Not implemented yet! + COOKIE_SQLI, }; export { - redef enum Tags += { - ## Indicator of a URI based SQL injection attack. - URI_SQLI, - ## Indicator of client body based SQL injection attack. This is - ## typically the body content of a POST request. - POST_SQLI, - ## Indicator of a cookie based SQL injection attack. - COOKIE_SQLI, - }; - ## This regular expression is used to match URI based SQL injections const match_sql_injection_uri = /[\?&][^[:blank:]\|]+?=[\-0-9%]+([[:blank:]]|\/\*.*?\*\/)*['"]?([[:blank:]]|\/\*.*?\*\/|\)?;)+([hH][aA][vV][iI][nN][gG]|[uU][nN][iI][oO][nN]|[eE][xX][eE][cC]|[sS][eE][lL][eE][cC][tT]|[dD][eE][lL][eE][tT][eE]|[dD][rR][oO][pP]|[dD][eE][cC][lL][aA][rR][eE]|[cC][rR][eE][aA][tT][eE]|[iI][nN][sS][eE][rR][tT])[^a-zA-Z&]/ @@ -29,7 +30,7 @@ export { } event http_request(c: connection, method: string, original_URI: string, - unescaped_URI: string, version: string) &priority=2 + unescaped_URI: string, version: string) &priority=3 { if ( match_sql_injection_uri in unescaped_URI ) add c$http$tags[URI_SQLI];
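Review bot: The new `##!` header and the `##` doc on `URI_SQLI` promise URI-based SQL injection detection, but the context line `match_sql_injection_uri` only fires when the parameter value begins with `[\-0-9%]+` before the keyword, so string-context payloads such as `?id=a' UNION SELECT ...` never set the tag; the doc on the new line should say so, e.g. `## Indicator of a URI based SQL injection attack. Only numeric-context payloads (value starting with digits, '-' or '%') are matched; see match_sql_injection_uri.` The `redef enum Tags` block also moves out of `export {}` while the export block is kept below it; if Bro scopes non-exported enum values to the module, scripts in other modules can no longer name `HTTP::URI_SQLI`, so either keep the redef inside `export` or add a comment stating the tags are intentionally module-private. The `export {` block continues past the end of this hunk.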
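Review bot: The handler now runs at `&priority=3` and immediately dereferences `c$http$tags`, so it silently depends on the `http/base` handler that creates `c$http` running at a higher priority, and that ordering is stated nowhere in the hunk; a comment on the changed line would help, e.g. `# priority 3: must run after http/base has created c$http, before lower-priority consumers of c$http$tags` (confirm against http/base). If that ordering is not guaranteed, a guard `if ( ! c?$http ) return;` before the match avoids a missing-field error. Note that this hunk only sets the `URI_SQLI` tag and never raises the `SQL_Injection_Attack` notice declared in the first hunk; the `http_request` body ends outside the hunk, so the notice may be raised further down.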