EEDR and EDR: Are There Threat Intel Feeds for CVE-2021-44228 (Log4j)?

Article ID: 291619

Updated On:

Products

  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
  • Carbon Black EDR (formerly Cb Response)
  • Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

Are there threat intel feeds for CVE-2021-44228 (Log4j)?

Environment

  • EEDR: All Versions
  • EDR: All Versions
  • HEDR: All Versions

Resolution

Carbon Black temporarily added the following short-term feeds; however, these feeds have since been removed from the CBKnownIOCs feed. Any further Log4j vulnerability information will be found at this location: https://community.carbonblack.com/t5/Threat-Research-Docs/Detecting-Log4j-Vulnerabilities-with-Carbon-Black-Cloud/ta-p/109510

Title: log4j Azure-Sentinel IOCs


Title: log4j GreyNoise IOCs

Additional Information

For more information see: Deployment - VMware Enterprise EEDR & EDR Detections