Security Onion Blog

Thursday, December 23, 2021

Detecting Log4j Exploitation Attempts via Zeek in Security Onion

Corelight has developed a Zeek package to detect log4j exploitation attempts:

https://github.com/corelight/cve-2021-44228

This package contains Zeek scripts which can easily be loaded into your Security Onion deployment. We've documented this process here:

https://docs.securityonion.net/en/2.3/zeek.html#custom-script-example-log4j

After following this process, we ran so-import-pcap on the log4j pcap from https://www.malware-traffic-analysis.net/2021/12/14/index.html:



at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Security Onion 2.4.180 now available including new features, updated components, and quality of life improvements!

Security Onion 2.4.180 is now available and includes several new features, updated components, and many quality of life improvements! For Se...

Popular Posts

Blog Archive