What’s New: Using Microsoft Sentinel to detect Apache Log4j vulnerabilities

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

Microsoft's security research teams have been tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as “Log4Shell” and tracked as CVE-2021-44228. The vulnerability allows unauthenticated remote code execution and is triggered when a specially crafted string provided by the attacker through a variety of different input vectors is parsed and processed by the Log4j 2 vulnerable component.

 

A new Microsoft Sentinel solution has been added to the Content Hub that provides content to monitor, detect and investigate signals related to exploitation of the recently disclosed Log4j vulnerability.

 

content hub install 2.png

 

For technical and mitigation information about the vulnerability, please read:

 

Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation - Microsoft Security Blog

 

 

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.