Playbook: Internal Host Splunk Investigate log4j

Description

Published in response to CVE-2021-44228, this playbook utilizes data already in your Splunk environment to help investigate and remediate impacts caused by this vulnerability in your environment.

Apps

Splunk

How To Implement

This playbook presumes you have Enterprise Security and have configured Assets & Identities, as well as the Endpoint.Processes datamodel

Explore Playbook

Click the playbook screenshot to explore in more detail!

explore

Required fields

  • hostName

  • destinationAddress

Reference

source | version: 1