Note: Please refer to the following before installing the solution:

• Review the solution Release Notes

• There may be known issues pertaining to this Solution, please refer to them before installing.

Microsoft's security research teams have been tracking threats taking advantage of CVE-2021-44228, a remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as “Log4Shell”. The vulnerability allows unauthenticated remote code execution, and it is triggered when a specially crafted string provided by the attacker through a variety of different input vectors is parsed and processed by the Log4j 2 vulnerable component. For more technical and mitigation information about the vulnerability, please read the Microsoft Security Response Center blog. This solution provides content to monitor, detect and investigate signals related to exploitation of this vulnerability in Microsoft Sentinel.

Prerequisite :-

This is a domain solution and does not include any data connectors. Install one or more of the listed solutions, or develop your custom ASIM parsers to unlock the value provided by this solution.

1. Azure Web Application Firewall (WAF)
2. Microsoft 365
3. Windows Server DNS
4. CiscoASA
5. PaloAlto-PAN-OS
6. Microsoft Entra ID
7. Azure Activity
8. Amazon Web Services
9. Azure Firewall
10. SquidProxy
11. Zscaler Private Access (ZPA)
12. Syslog
13. Check Point
14. Microsoft Defender XDR

Workbooks: 2, Analytic Rules: 4, Hunting Queries: 10, Watchlists: 1, Playbooks: 2

Learn more about Microsoft Sentinel | Learn more about Solutions