Security Onion Blog

Thursday, December 23, 2021

Detecting Log4j Exploitation Attempts via Zeek in Security Onion

Corelight has developed a Zeek package to detect log4j exploitation attempts:

https://github.com/corelight/cve-2021-44228

This package contains Zeek scripts which can easily be loaded into your Security Onion deployment. We've documented this process here:

https://docs.securityonion.net/en/2.3/zeek.html#custom-script-example-log4j

After following this process, we ran so-import-pcap on the log4j pcap from https://www.malware-traffic-analysis.net/2021/12/14/index.html:



at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Early Bird Discount for upcoming Security Onion Fundamentals Class

Our popular "Security Onion Fundamentals" class will be running Tuesday February 24 through Friday February 27, 2026 in San Antoni...

Popular Posts

Blog Archive