Security Onion Blog

Thursday, December 23, 2021

Detecting Log4j Exploitation Attempts via Zeek in Security Onion

Corelight has developed a Zeek package to detect log4j exploitation attempts:

https://github.com/corelight/cve-2021-44228

This package contains Zeek scripts which can easily be loaded into your Security Onion deployment. We've documented this process here:

https://docs.securityonion.net/en/2.3/zeek.html#custom-script-example-log4j

After following this process, we ran so-import-pcap on the log4j pcap from https://www.malware-traffic-analysis.net/2021/12/14/index.html:



at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Security Onion 2.4.140 now available including Suricata 7.0.9, Zeek 7.0.6, and much more!

Security Onion 2.4.140 is now available including Suricata 7.0.9, Zeek 7.0.6, and much more! Component Updates The main focus of this releas...

Popular Posts

  • Security Onion 2.4 Base OS
    Introduction Recent events have forced us to change course on the base operating system (OS) for Security Onion 2.4.  On 6/21/2023, Red Hat ...
  • Security Advisory for Squert
    Introduction Jeffrey Medsger reported several command injection and SQL injection vulnerabilities in Squert.  Wes Lambert also discovered s...
  • Community Webinars featuring Security Onion
    Thanks to all who attended the Zeek webinar on May 27! For those weren't able to join, the recording should be available soon and we wi...

Blog Archive