In one of our asp.net web application, we found a following entry in IIS log.
2018-02-20 03:06:25 172.16.3.101 GET / _event_transid=1555077557&_event_clientip=117.212.38.55&_event_clientport=52372&_event_attackname=SQL+Injection&_event_threatcategory=Injections 80 - 117.212.38.55 AppWall 200 0 0 0
This happens randomly for a genuine URL request from the user. What is the reason for this entry.