Security Onion Blog

Thursday, December 23, 2021

Detecting Log4j Exploitation Attempts via Zeek in Security Onion

Corelight has developed a Zeek package to detect log4j exploitation attempts:

https://github.com/corelight/cve-2021-44228

This package contains Zeek scripts which can easily be loaded into your Security Onion deployment. We've documented this process here:

https://docs.securityonion.net/en/2.3/zeek.html#custom-script-example-log4j

After following this process, we ran so-import-pcap on the log4j pcap from https://www.malware-traffic-analysis.net/2021/12/14/index.html:



at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Quick Malware Analysis: SMARTAPESG / NETSUPPORT RAT / STEALC pcap from 2025-03-26

Thanks to Brad Duncan for sharing this pcap from 2025-03-26 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive