Log4j vulnerability exploit aka Log4Shell IP IOC

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Identifies a match across various data feeds for IP IOCs related to the Log4j vulnerability exploit aka Log4Shell described in CVE-2021-44228. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228

Attribute	Value
Type	Analytic Rule
Solution	Apache Log4j Vulnerability Detection
ID	6e575295-a7e6-464c-8192-3e1d8fd6a990
Severity	High
Status	Available
Kind	Scheduled
Tactics	CommandAndControl
Techniques	T1071
Required Connectors	Office365, DNS, AzureMonitor(VMInsights), CiscoASA, CiscoAsaAma, PaloAltoNetworks, SecurityEvents, AzureActiveDirectory, AzureActiveDirectory, AzureMonitor(WireData), AzureMonitor(IIS), AzureActivity, AWS, MicrosoftThreatProtection, AzureFirewall
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AADNonInteractiveUserSignInLogs		✓	✗	?
AWSCloudTrail		✓	✓	?
AzureActivity		?	✗	?
AzureDiagnostics 🔶	Category in "AzureFirewallApplicationRule,AzureFirewallNetworkRule" ResourceType == "AZUREFIREWALLS"	?	✗	?
CommonSecurityLog		✓	✓	?
DeviceNetworkEvents	ActionType == "InboundConnectionAccepted"	✓	✗	?
DnsEvents		✓	✗	?
Event	EventID == "3" Source == "Microsoft-Windows-Sysmon"	✓	✓	?
OfficeActivity		✓	✗	?
SigninLogs		✓	✗	?
VMConnection		?	✗	?
W3CIISLog		✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Apache Log4j Vulnerability Detection