Merge pull request #2441 from SigmaHQ/rule-devel

Log4Shell - more patterns
This commit is contained in:
Florian Roth
2021-12-12 21:20:43 +01:00
committed by GitHub
2 changed files with 10 additions and 0 deletions
+2
@@ -34,6 +34,8 @@ detection:
- '${jndi:nds'
- '${jndi:corba'
- '${jndi:iiop'
- '${${env:BARFOO:-j}'
- '${::-l}${::-d}${::-a}${::-p}'
condition: keywords
falsepositives:
- Vulnerability scanning
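Review bot: The new keyword `${${env:BARFOO:-j}` only matches a proof-of-concept that happens to use the variable name `BARFOO`; Log4j's `${env:NAME:-default}` lookup yields the default for any undefined name, so `${${env:X:-j}ndi:`, `${${env:NaN:-j}` or a `${sys:`/`${lower:` variant with the same shape slips past the list. The structural marker of this evasion is a lookup nested directly inside another substitution, so `'${${env:'` (and, if not already present further up the list, `'${${sys:'`, `'${${lower:'`, `'${${upper:'`) would cover the whole family, and a nested lookup has no plausible benign use in a request line. Likewise `${::-l}${::-d}${::-a}${::-p}` is one literal spelling of "ldap" that an attacker can vary freely (`${::-l}d${::-a}p`, mixing `${lower:}` lookups), so it is worth keeping but should not be relied on. A short YAML comment above these two entries would stop them being mistaken for general coverage: `# nested-lookup obfuscation; BARFOO/ldap spellings are PoC-specific, see ${${env: entry`.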
@@ -35,6 +35,8 @@ detection:
- '${jndi:nds'
- '${jndi:corba'
- '${jndi:iiop'
- '${${env:BARFOO:-j}'
- '${::-l}${::-d}${::-a}${::-p}'
user-agent|contains:
- '${jndi:ldap:/'
- '${jndi:rmi:/'
@@ -51,6 +53,8 @@ detection:
- '${jndi:nds'
- '${jndi:corba'
- '${jndi:iiop'
- '${${env:BARFOO:-j}'
- '${::-l}${::-d}${::-a}${::-p}'
cs-uri|contains:
- '${jndi:ldap:/'
- '${jndi:rmi:/'
@@ -67,6 +71,8 @@ detection:
- '${jndi:nds'
- '${jndi:corba'
- '${jndi:iiop'
- '${${env:BARFOO:-j}'
- '${::-l}${::-d}${::-a}${::-p}'
cs-referrer|contains:
- '${jndi:ldap:/'
- '${jndi:rmi:/'
@@ -83,6 +89,8 @@ detection:
- '${jndi:nds'
- '${jndi:corba'
- '${jndi:iiop'
- '${${env:BARFOO:-j}'
- '${::-l}${::-d}${::-a}${::-p}'
condition: selection
falsepositives:
- Vulnerability scanning
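Review bot: The literal `${::-l}${::-d}${::-a}${::-p}` added to the `cs-uri|contains` list assumes the URI is logged decoded; W3C/IIS-style `cs-uri` fields commonly keep the request percent-encoded, where `${` appears as `%24%7B`, so a request carrying this chain would not match that selector. The encoded form should sit next to it, e.g. `'%24%7B::-l%7D%24%7B::-d%7D'` and `'%24%7B%3A%3A-l%7D'` (whether `:` is encoded depends on the client, and the first two lookups are enough to identify the chain); the same applies to `${${env:BARFOO:-j}`, whose prefix encodes as `%24%7B%24%7Benv:`. Both patterns are pasted verbatim into five selector lists (`user-agent`, `cs-uri`, `cs-referrer` and two whose field names begin outside the hunks), so a pattern missing from any one list silently leaves that field uncovered; a comment on the first list such as `# keep this keyword list identical across every field selector below` would make that constraint visible to the next contributor.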