This query detects outbound network connections over the LDAP protocol to external IP addresses that have not had an LDAP network connection in the past 14 days. Such a connection could indicate exploitation of the CVE-2021-44228 vulnerability.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Apache Log4j Vulnerability Detection |
| ID | bf094505-fd2e-484f-b72a-acd79ee00ce8 |
| Tactics | InitialAccess |
| Techniques | T1190 |
| Required Connectors | CheckPoint, CiscoASA, CiscoAsaAma, PaloAltoNetworks |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| CommonSecurityLog | ✓ | ✓ | ? |