Malicious Connection to LDAP port for CVE-2021-44228 vulnerability

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

This query detects exploitation attempts for CVE-2021-44228 involving log4j vulnerability by looking for connections to default LDAP ports.

Attribute Value
Type Hunting Query
Solution Apache Log4j Vulnerability Detection
ID 19abc034-139e-4e64-a05d-cb07ce8b003b
Tactics CommandAndControl
Techniques T1071
Required Connectors MicrosoftThreatProtection, AzureMonitor(VMInsights)
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
DeviceNetworkEvents ?
VMConnection ? ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Hunting Queries · Back to Apache Log4j Vulnerability Detection