Knowledge Base

Access official resources from Carbon Black experts

Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Environment

EEDR: All Versions
EDR: All Versions
HEDR: All Versions

Question

Are there threat intel feeds for CVE-2021-44228 (Log4j)?

Answer

Carbon Black Temporarily added the following short-term feeds; however, these feeds have since been removed from the CBKnownIOCs feed. Any further Log4J Vulnerability information will be found in this location: Detecting Log4j Vulnerabilities with Carbon Black Cloud Vulnerability Management

Title: log4j Azure-Sentinel IOCs

Query: Contains IPs of known log4j attackers, sourced from the Azure Sentinel feed, located here: https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv

Title: log4j GreyNoise IOCs

Query: Contains IPs of known log4j attackers, sourced from the Critical Path Security feed, located here: https://github.com/CriticalPathSecurity/Public-Intelligence-Feeds/blob/master/log4j.txt

Additional Notes

For more information see: Deployment - VMware Enterprise EEDR & EDR Detections

Related Content

Deployment - VMware Enterprise EEDR & EDR Detections
All Products: Where Can I find Information on CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE...
App Control: Is Application Control affected by the LOG4J vulnerability?
Log4Shell - Log4j Remote Code Execution (CVE-2021-44228)

Article Information

Author:

Creation Date:

‎12-13-2021

Views:

1154