Skip to content

OpenIOC rules to facilitate hunting for indicators of compromise

Notifications You must be signed in to change notification settings

fireeye/CVE-2021-44228

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 

Repository files navigation

Overview

This repository contains OpenIOC rules to facilitate hunting for indicators of compromise related to the Apache Log4j 2 remote code execution vulnerability (CVE-2021-44228).

These rules are considered hunting rules and as such detection efficacy will vary by organization. With environment-specific tuning these rules may be suitable for deployment as alerting rules. The rules are organized into two categories:

  • execution - IOCs that provide evidence that something previously executed on the system that may be related to this CVE such as suspicous network connections, URL requests, process exeuctions, and file writes
  • presence - IOCs related to this CVE that provide evidence that an actively running process or file is present on the system

FireEye customers can refer to the FireEye Community (community.fireeye.com) for additional information on how FireEye products detect these threats.

These rules are provided freely to the community without warranty.

About

OpenIOC rules to facilitate hunting for indicators of compromise

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •