Data Source: Windchill Log4j

Description

PTC Windchill MethodServer log4j logs containing servlet request and method context activity from Windchill application components.

Details

| Property | Value |
|---|---|
| Source | not_applicable |
| Sourcetype | log4j |

| Name | Technique | Type |
|---|---|---|
| PTC Windchill Gateway Command Execution | Data from Local System, Command and Scripting Interpreter, Exploit Public-Facing Application | Anomaly |
| PTC Windchill GW READY OK Probe | Command and Scripting Interpreter, Exploit Public-Facing Application | Anomaly |

Event Fields

- _time
- _raw
- log_level
- thread
- logger
- src_ip
- uri_path
- query_string
- http_method
- status

Example Log

2026-03-26 19:12:00,053 ERROR [ajp-nio-127.0.0.1-10660-exec-2] wt.servlet.ServletRequestMonitor.request  - 2026-03-26 19:12:00.049 +0530, q4io1jf;mn7i98pd;62288;2anc4x;4122, -, 10.10.2.3, /Windchill/servlet/WindchillGW/GW/run, c=whoami, GET, 500, 0.0037325, 0.004020767

Source: GitHub | Version: 1