Playbook: Internal Host Splunk Investigate log4j

Description

Published in response to CVE-2021-44228, this playbook utilizes data already in your Splunk environment to help investigate and remediate impacts caused by this vulnerability in your environment.

Type: Investigation Date: 2021-12-14 Author: Lou Stella, Splunk ID: fc0adc66-ff2b-48b0-9a6f-63da6783fd63

Apps

Splunk

How To Implement

This playbook presumes you have Enterprise Security and have configured Assets & Identities, as well as the Endpoint.Processes datamodel

Explore Playbook

Click the playbook screenshot to explore in more detail!

Required fields

hostName
destinationAddress

Reference

https://www.splunk.com/en_us/blog/security/log-jammin-log4j-2-rce.html

source | version: 1