API

HTTP requests containing Log4Shell JNDI injection patterns

Docs > Plateforme de sécurité Datadog > OOTB Rules > HTTP requests containing Log4Shell JNDI injection patterns

Classification:

attack

Tactic:

TA0001-initial-access

Technique:

T1190-exploit-public-facing-application

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect HTTP requests containing Log4Shell-style JNDI lookup strings in the query string, path, headers, or user agent.

Strategy

This rule monitors OCSF HTTP activity for JNDI injection patterns across multiple request attributes, grouped by @ocsf.src_endpoint.ip.

Triage and response

Confirm whether affected systems run vulnerable Log4j versions and whether lookups could have been evaluated.
Apply vendor patches or mitigations for affected production assets.

HTTP requests containing Log4Shell JNDI injection patterns

Goal

Strategy

Triage and response

How can I help you today?