How to detect log4shell in the application logs?

Hi folks,

I wonder if anyone of you guys have already tried to find possible log4shell exploit based on the logs in your elastic cluster using kibana. I am aware that this can be done using the Elastic Security as described here: Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security | Elastic Blog

But for those you must have a auditbeat or endgame infrastructure setup, which I do not have for example.

But I also think there should be a possibility to detect this vulnarability based on the plain applcation logs (for example collected from a kubernetes cluster)?

Any ideas on that how to achive this?

Thanks

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.