Automating & Speeding Your Response to Log4J Vulnerability
Dec 13, 2021
1 minutes
16 views
This post is also available in: 简体中文 (Chinese (Simplified)) 日本語 (Japanese)
Given the ubiquity of the Apache Log4J library in apps, you are in a dead heat to find and fix the vulnerability before it can be exploited.
Cortex XSOAR has created a first responder kit that helps you automate and speed your response. Here are some steps from the playbook:
- Data extraction & enrichment—collection of indicators suspected of trying to exploit the relevant CVEs such as CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105
- Threat hunting—searching for IOCs across your SIEMs, Palo Alto Networks Panorama and XDR including advanced hunting for behavioral detection with Splunk and QRadar, hunting for Palo Alto Networks IPS signature with Panorama, hunting for known exploitation patterns on your servers using Cortex XDR
- Remediation—initiate blocking via firewall EDLs or manually, collect and present available detection rules and signatures
- Mitigation—provide Unit42 recommendations and links to the patch for further analyst investigations
Apache Log4j RCE CVE-2021-44228 Content Pack
More details on this vulnerability can be found in our Unit 42 blog.
You can view and download the playbook content pack in our Cortex XSOAR Marketplace. If you do not have Cortex XSOAR, you can get our free Community Edition.
Related Blogs
Our library of online content is here to help you learn more, no matter what format you prefer or which topic interests you most.
Subscribe to Security Operations Blogs!
Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.