Log4j Splunk Investigation

Description

Published in response to CVE-2021-44228, this playbook utilizes data already in your Splunk environment to help investigate and remediate impacts caused by this vulnerability in your environment.

Type: Investigation
Product: Splunk SOAR
Apps: Splunk
Last Updated: 2021-12-14
Author: Lou Stella, Splunk
ID: fc0adc66-ff2b-48b0-9a6f-63da6783fd63
Use-cases:

Associated Detections

How To Implement

This playbook presumes you have Enterprise Security and have configured Assets & Identities, as well as the Endpoint.Processes datamodel

Explore Playbook

Required field

hostName
destinationAddress

Reference

https://www.splunk.com/en_us/blog/security/log-jammin-log4j-2-rce.html

source | version: 1

Twitter Facebook LinkedIn

Log4j Splunk Investigation

Description

Associated Detections

How To Implement

Explore Playbook

Required field

Reference

You May Also Enjoy

O365 New Forwarding Mailflow Rule Created

Okta Successful Single Factor Authentication

Windows Unsigned MS DLL Side-Loading

Windows Rename System Utilities Agentexecutor exe LOLBAS in Non Standard Path