Hi all,
Would anyone have ideas how to search for the latest log4j DOS exploit, example payload: "${${::-${::-$${::-j}}}}"? We are having trouble escaping the characters in a KQL search however open to a EQL search across all indices as well if that would work better.
Here is a blog post for detecting log4j exploit with elastic security Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security | Elastic Blog
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.