This query inspects several log sources that carry user agent data and looks for Log4j CVE-2021-44228 exploitation attempts based on user agent patterns. Log4j is an open-source Apache logging library used in many Java-based applications. The regex and string matching target the most common attack patterns; this may not be comprehensive enough to detect every possible user agent variation. Reference: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Apache Log4j Vulnerability Detection |
| ID | 29283b22-a1c0-4d16-b0a9-3460b655a46a |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | InitialAccess |
| Techniques | T1190 |
| Required Connectors | SquidProxy, Zscaler, WAF, Office365, AzureActiveDirectory, AzureActiveDirectory, AWS, AzureMonitor(IIS) |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| AADNonInteractiveUserSignInLogs | ✓ | ✗ | ? |
| AWSCloudTrail | ✓ | ✓ | ? |
| AzureDiagnostics 🔶 | ? | ✗ | ? |
| OfficeActivity | ✓ | ✗ | ? |
| SigninLogs | ✓ | ✗ | ? |
| W3CIISLog | ✓ | ✗ | ? |