How to detect log4shell in the application logs?

Kosodrom · December 15, 2021, 10:40am

Hi folks,

I wonder if anyone of you guys have already tried to find possible log4shell exploit based on the logs in your elastic cluster using kibana. I am aware that this can be done using the Elastic Security as described here: Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security | Elastic Blog

But for those you must have a auditbeat or endgame infrastructure setup, which I do not have for example.

But I also think there should be a possibility to detect this vulnarability based on the plain applcation logs (for example collected from a kubernetes cluster)?

Any ideas on that how to achive this?

Thanks

system · January 12, 2022, 10:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security Elastic Security	1	353	January 13, 2022
Detection rules for Log4J?s Elastic Security	4	866	January 14, 2022
CVE-2021-44228 aka log4shell is logstash and/or elasticsearch affected? Logstash	15	13655	January 12, 2022
DockerHub showing Log4Shell vulnerability on supported version Elasticsearch docker	2	1117	January 17, 2022
Log4j CVE-2021-44832 (released 28th dec) - is ES vulnerable? Elasticsearch	10	6648	February 7, 2022

How to detect log4shell in the application logs?

Related topics