Hi everyone,
I would like to check one thing with you: we use our corporate Elastic as a SIEM, using the Security feature.
We have seen this blog about: Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security
We are using Filebeat and Winlogbeat to ingest data into Elastic.
Do you know if it is possible for us to implement these detection rules, or does it need another feature to be configured for these rules?
Like Endpoint Security, Endgame, Auditbeat...