Log4j vulnerability exploit aka Log4Shell IP IOC

Charles Orisafele 0 Reputation points
2023-08-25T10:39:45.1566667+00:00

Hello All,

I have received a series of "Log4j vulnerability exploit aka Log4Shell IP IOC" incidents in Sentinel, which is actually the first time I have had these alerts.

Just wondering if there is anyone out there who understands this alert that could share some more information about it.

Thank you so much.

Regards,

Charles

Microsoft Security Microsoft Sentinel

1 answer

  1. JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator
    2023-08-28T19:56:09.82+00:00

    @Charles Orisafele

    Thank you for your post and I apologize for the delayed response!

    Sentinel Incident:

    I understand that you're receiving a series of Log4j vulnerability incidents within Microsoft Sentinel and would like to gain a better understanding of this. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.


    Findings:

    The Log4j incident that you're receiving within Microsoft Sentinel is related to the Apache Log4j vulnerability that was recently discovered which allows attackers to remotely execute code on affected systems.

    When it comes to the incident that you received, if you have any analytics rules or solutions related to Log4j vulnerability detection configured within Microsoft Sentinel, this would indicate that the Log4j vulnerability was detected within your environment - Log4j IOC List

    Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability:

    The remote code execution (RCE) vulnerabilities in Apache Log4j 2, referred to as “Log4Shell”, have presented a new attack vector and gained broad attention due to their severity and potential for widespread exploitation. The majority of attacks we have observed so far have been mainly mass-scanning, coin mining, establishing remote shells, and red-team activity, but it’s highly likely that attackers will continue adding exploits for these vulnerabilities to their toolkits.

    I hope this helps!


    Additional Links:

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

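An added illustration, not part of the answer above or of Sentinel's own rule, of the kind of matching an IP-IOC analytics rule performs and how a defender might triage the resulting hits. The indicator addresses, the internal network range and the firewall-style log lines are all constructed; it shows that an inbound hit from an indicator address (scanning) carries less weight than an internal host opening an outbound connection to one.

```python
import ipaddress

# Constructed indicator list: placeholder TEST-NET addresses, not real Log4Shell IOCs.
IOC_IPS = {"198.51.100.23", "203.0.113.77"}

# Constructed definition of "internal" for this example; an organisation would use its own ranges.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed firewall-style records: timestamp, action, source, destination, destination port.
SAMPLE_LOGS = """\
2023-08-25T10:01:02Z ALLOW 198.51.100.23 10.0.0.5 8080
2023-08-25T10:01:03Z ALLOW 198.51.100.23 10.0.0.6 443
2023-08-25T10:01:09Z DENY  192.0.2.14    10.0.0.5 8080
2023-08-25T10:02:41Z ALLOW 10.0.0.5      203.0.113.77 389
2023-08-25T10:02:45Z ALLOW 10.0.0.9      93.184.216.34 443
"""


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def match_iocs(log_text: str, iocs: set) -> list:
    """Return (direction, internal_host, ioc_ip, dst_port) for every record touching an indicator.

    Direction is taken from which side of the flow the indicator sits on, exactly the join an
    IP-IOC rule does against source and destination address columns."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _action, src, dst, port = line.split()
        if src in iocs and is_internal(dst):
            hits.append(("inbound", dst, src, int(port)))
        elif dst in iocs and is_internal(src):
            hits.append(("outbound", src, dst, int(port)))
    return hits


def triage(hits: list) -> dict:
    """Group hits per internal host and rank: any outbound contact with an indicator address is
    'high', because it implies the host itself initiated the connection; inbound-only hits are 'low',
    since they usually reflect scanning and say nothing about whether exploitation succeeded."""
    summary = {}
    for direction, host, ioc, port in hits:
        entry = summary.setdefault(host, {"inbound": 0, "outbound": 0, "iocs": set(), "ports": set()})
        entry[direction] += 1
        entry["iocs"].add(ioc)
        entry["ports"].add(port)
    for entry in summary.values():
        entry["priority"] = "high" if entry["outbound"] else "low"
    return summary
```

Running `triage(match_iocs(SAMPLE_LOGS, IOC_IPS))` ranks 10.0.0.5 high (one inbound and one outbound hit) and 10.0.0.6 low (inbound only); the DENY line and the non-indicator destination produce no hit.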
