Thank you for your post and I apologize for the delayed response!
Sentinel Incident:
I understand that you're receiving a series of Log4j vulnerability incidents within Microsoft Sentinel and would like to gain a better understanding of this. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.
Findings:
The Log4j incident that you're receiving within Microsoft Sentinel is related to the Apache Log4j vulnerability that was recently discovered, which allows attackers to remotely execute code on affected systems.
When it comes to the incident that you received, if you have any analytics rules or solutions related to Log4j vulnerability detection configured within Microsoft Sentinel, this would indicate that the Log4j vulnerability was detected within your environment.
- Log4j IOC List
- For more info - Apache Log4j Vulnerability Detection Analytic Rule
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability:
The remote code execution (RCE) vulnerabilities in Apache Log4j 2 referred to as “Log4Shell” have presented a new attack vector and gained broad attention due to their severity and potential for widespread exploitation. The majority of attacks we have observed so far have been mainly mass-scanning, coin mining, establishing remote shells, and red-team activity, but it’s highly likely that attackers will continue adding exploits for these vulnerabilities to their toolkits.
I hope this helps!
Additional Links:
- Install the Log4j Vulnerability Detection solution from the content hub
- Log4J_IPIOC_Dec112021.yaml
- Investigate incidents with Microsoft Sentinel
- Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
- Microsoft Sentinel and Microsoft 365 Defender GitHub Repo
- GitHub Issue - Log4j vulnerability exploit aka Log4Shell IP IOC #3754
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
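The answer above says an IP-IOC analytic rule (such as the Log4J_IPIOC_Dec112021.yaml rule it links) fires when a known indicator address shows up in your logs. The following is an added, stand-alone Python illustration of that matching step, not the rule's own KQL and not Microsoft's code: it parses a constructed indicator list (IPs and one CIDR block, all from RFC 5737 test ranges) and a few constructed firewall-style log lines, then emits one alert record per event whose source address falls inside an indicator. The CSV layout, log format and field names are assumptions made for the example.

```python
"""Offline illustration of the IP-IOC matching a Sentinel analytic rule performs.

Every IP, CIDR and log line below is constructed for the example (TEST-NET
ranges); none of them are real indicators or real traffic.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime

# Constructed indicator list in an assumed CSV shape:
# indicator,first_seen,description  (single IPs or CIDR blocks)
CONSTRUCTED_IOC_CSV = """\
198.51.100.23,2021-12-11,constructed example host indicator
203.0.113.77,2021-12-11,constructed example host indicator
198.51.100.0/24,2021-12-12,constructed example network indicator
"""

# Constructed firewall-style log lines (assumed format):
# <ISO-8601 time> <src ip> <dst ip> <dst port> <action>
CONSTRUCTED_LOG = """\
2021-12-13T08:01:02Z 192.0.2.10 10.0.0.5 443 allow
2021-12-13T08:01:07Z 203.0.113.77 10.0.0.5 8080 allow
2021-12-13T08:02:15Z 198.51.100.200 10.0.0.7 389 deny
2021-12-13T08:03:44Z 192.0.2.33 10.0.0.5 80 allow
"""


@dataclass(frozen=True)
class Alert:
    """One matched event, carrying both the log fields and the indicator that hit."""
    time: datetime
    src_ip: str
    dst_ip: str
    dst_port: int
    action: str
    indicator: str
    description: str


def parse_iocs(csv_text):
    """Return (network, description) pairs.

    Single addresses become /32 (or /128) networks so that one containment
    test handles both host and network indicators.
    """
    iocs = []
    for line in csv_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        indicator, _first_seen, description = line.split(",", 2)
        net = ipaddress.ip_network(indicator.strip(), strict=False)
        iocs.append((net, description.strip()))
    return iocs


def parse_log(log_text):
    """Parse the constructed log format into dicts; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # a detection rule should not crash on one bad line
        ts, src, dst, port, action = parts
        events.append({
            "time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "src_ip": src,
            "dst_ip": dst,
            "dst_port": int(port),
            "action": action,
        })
    return events


def match_iocs(events, iocs):
    """Emit one Alert per event whose source address lies inside any indicator."""
    alerts = []
    for ev in events:
        src = ipaddress.ip_address(ev["src_ip"])
        for net, description in iocs:
            if src in net:
                alerts.append(Alert(indicator=str(net), description=description, **ev))
                break  # one alert per event, even if several indicators overlap
    return alerts


def run():
    """Run the constructed indicators against the constructed log."""
    return match_iocs(parse_log(CONSTRUCTED_LOG), parse_iocs(CONSTRUCTED_IOC_CSV))


if __name__ == "__main__":
    for alert in run():
        print(f"{alert.time.isoformat()} {alert.src_ip} -> {alert.dst_ip}:{alert.dst_port} "
              f"({alert.action}) matched {alert.indicator}: {alert.description}")
```

Two of the four constructed events match: the exact host indicator 203.0.113.77 and the network indicator 198.51.100.0/24. Note that the third event was a denied connection and still produces an alert; a blocked connection from an indicator address is still worth triaging, but it usually means the control worked. Also keep the indicator list's date in mind (the rule on this page is dated December 2021): addresses rotate, so an incident from a stale list should be checked against the matched entity in the incident rather than treated as confirmed exploitation.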