more Log4Shell patterns

Florian Roth
2021-12-12 21:27:01 +01:00
parent 31ddcd4a0d
commit d8613fedfe
2 changed files with 5 additions and 0 deletions
+1
@@ -36,6 +36,7 @@ detection:
- '${jndi:iiop'
- '${${env:BARFOO:-j}'
- '${::-l}${::-d}${::-a}${::-p}'
- '${base64:JHtqbmRp'
condition: keywords
falsepositives:
- Vulnerability scanning
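Review bot: The new keyword `'${base64:JHtqbmRp'` carries an opaque constant with no explanation; `JHtqbmRp` is the base64 encoding of `${jndi`, which a maintainer cannot tell from the rule text. I would add a comment on the line above it, `# JHtqbmRp is base64 for '${jndi'`, and the same comment on the four identical additions in the second file (the hunks at -37, -55, -73 and -91). The keyword list starts above this hunk, so I cannot see whether the other entries are documented.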
@@ -37,6 +37,7 @@ detection:
- '${jndi:iiop'
- '${${env:BARFOO:-j}'
- '${::-l}${::-d}${::-a}${::-p}'
- '${base64:JHtqbmRp'
user-agent|contains:
- '${jndi:ldap:/'
- '${jndi:rmi:/'
@@ -55,6 +56,7 @@ detection:
- '${jndi:iiop'
- '${${env:BARFOO:-j}'
- '${::-l}${::-d}${::-a}${::-p}'
- '${base64:JHtqbmRp'
cs-uri|contains:
- '${jndi:ldap:/'
- '${jndi:rmi:/'
@@ -73,6 +75,7 @@ detection:
- '${jndi:iiop'
- '${${env:BARFOO:-j}'
- '${::-l}${::-d}${::-a}${::-p}'
- '${base64:JHtqbmRp'
cs-referrer|contains:
- '${jndi:ldap:/'
- '${jndi:rmi:/'
@@ -91,6 +94,7 @@ detection:
- '${jndi:iiop'
- '${${env:BARFOO:-j}'
- '${::-l}${::-d}${::-a}${::-p}'
- '${base64:JHtqbmRp'
condition: selection
falsepositives:
- Vulnerability scanning
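Review bot: The `'${base64:JHtqbmRp'` entry added under the `|contains` lists for `user-agent`, `cs-uri` and `cs-referrer` only matches when the log source records a literal `${`, and URI and referrer fields are often logged percent-encoded. If these lists, which start above the hunks, already hold percent-encoded forms of the other patterns, the new pattern needs the matching form, e.g. `'$%7Bbase64:JHtqbmRp'`. Otherwise the rule's description should state that it expects decoded field values, so that analysts know which log sources it covers.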