<  Back to rules search

Log4Shell Scanning Detected

Set up the nginx integration.

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect when a Log4j scanning attempt occurs in your environment.

Strategy

Regex search on logs to find specific payloads indicative of Log4j scanning.

Triage and response

  1. Investigate if the host is running a vulnerable version of the Log4j Java library
  2. Use the Log4j Investigation Dashboard to conduct impact analysis
  3. Explore what other services the attacker hit in the last day - Linked to investigation query
  4. Explore Java logs associated with the attacker - linked to investigation query