Log4j_RCE_Exploit
ID: 100484
Description:
Detects exploit attempts against the Log4j RCE vulnerability, CVE-2021-44228.
Repository: Fluency
Group: System
Type: event
Default Status:
Enabled
Selector:
Query:
| /${jndi:(ldap | ldaps | rmi | dns):\// OR /${[^}]${[^}]}/ |
Filters:
Behavior Rule:
| Key | Type | Behavior Category |
| @sender | asset | security alert |
Risks:
| Risks | Base Score | Dimension |
| ALERT_NORMAL | 100 | alert |
Attributes:
| Alias | Key |
| Sender | @sender |
| Source | @source |
| EventType | @event_type |
| Message | @message |
Correlation Rules:
History:
| User | Date |
| ku*n@fluencysecurity.com | 2021 Dec 16 09:03:11 EST |
| ho*d@fluencysecurity.com | 2022 Mar 4 12:58:44 EST |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)