Thursday, December 23, 2021

Detecting Log4j Exploitation Attempts via Zeek in Security Onion

Corelight has developed a Zeek package to detect log4j exploitation attempts:

This package contains Zeek scripts which can easily be loaded into your Security Onion deployment. We've documented this process here:

After following this process, we ran so-import-pcap on the log4j pcap from
