Security Onion Blog

Thursday, December 23, 2021

Detecting Log4j Exploitation Attempts via Zeek in Security Onion

Corelight has developed a Zeek package to detect log4j exploitation attempts:

https://github.com/corelight/cve-2021-44228

This package contains Zeek scripts which can easily be loaded into your Security Onion deployment. We've documented this process here:

https://docs.securityonion.net/en/2.3/zeek.html#custom-script-example-log4j

After following this process, we ran so-import-pcap on the log4j pcap from https://www.malware-traffic-analysis.net/2021/12/14/index.html:



at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Did You Know Security Onion Scales to the Enterprise?

Did you know Security Onion scales to the enterprise? Security Onion is designed to scale from simple standalone deployments all the way up ...

Popular Posts

Blog Archive