Azure WAF Log4j CVE-2021-44228 hunting

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

This hunting query searches possible exploitation attempts for CVE-2021-44228 involving log4j vulnerability in Azure Web Application Firewall logs.

Attribute	Value
Type	Hunting Query
Solution	Apache Log4j Vulnerability Detection
ID	`1d4d383e-0ca6-4d3a-a861-8f37aeef18cb`
Tactics	InitialAccess
Techniques	T1190
Required Connectors	WAF
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
`AzureDiagnostics` 🔶	`Category in "ApplicationGatewayAccessLog,ApplicationGatewayFirewallLog,FrontdoorAccessLog,FrontdoorWebApplicationFirewallLog"`	?	✗	?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to Apache Log4j Vulnerability Detection