Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security

jbal24 · December 16, 2021, 10:56am

Hi everyone,

I would like to check with you one thing, we use our corporate Elastic as a SIEM using the security feature.

We have seen this blog about: Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security

We are using filebeat and windlogsbeat to ingest elastic.

Do you know if it is possible for us to implement this detections rules or it needs another feature to configure these rules?

Like Endpoint security, Endgame, audit beat....

system · January 13, 2022, 10:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Detection rules for Log4J?s Elastic Security	4	860	January 14, 2022
Log4j CVE-2021-44832 (released 28th dec) - is ES vulnerable? Elasticsearch	10	6638	February 7, 2022
Is Elasticsearch affected by CVE-2021-45046 - a second vulnerability in log4j? Elasticsearch	2	5951	January 12, 2022
Does Log4j vulnerability (CVE-2021-44228) is impacted for ES v7.5.2? Elasticsearch	2	1268	January 17, 2022
Log4j Critical Vulnerability Elastic Security	2	2766	January 7, 2022