https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509511#M356 <P>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/226856">@mderaet</a></P> <P>&nbsp;</P> <P>Greetings from Palo Alto Networks!</P> <P>&nbsp;</P> <P>I apologize I was having an issue pasting the command here.</P> <P>&nbsp;</P> <P>Please find the pdf file attached to this post which contains the curl command and please make changes in the command based on your environment IP address.</P> <P>&nbsp;</P> <P>Below is the video link which explains CloudNGFW implementation against the Log4j attack.</P> <P><A href="https://youtu.be/OovXk4WF7vs" target="_blank">https://youtu.be/OovXk4WF7vs</A></P> <P>&nbsp;</P> <P>Regards,<BR />Devanshu Taneja<BR />Product specialist<BR />Palo Alto Networks<BR /><A href="https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW" target="_blank">https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW</A><BR /><STRONG>*Don’t forget to accept the solution provided!*</STRONG></P> Thu, 21 Jul 2022 16:29:50 GMT dtaneja 2022-07-21T16:29:50Z https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509361#M352 <P>Hi,</P> <P>&nbsp;</P> <P>what is the curl command in AWS EC2 to test if Log4J is well blocked by my AWS Cloud NGFW?</P> Wed, 20 Jul 2022 08:31:55 GMT https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509361#M352 mderaet 2022-07-20T08:31:55Z https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509417#M353 <P>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/226856">@mderaet</a><BR />&nbsp;</P> <P>Greetings from Palo Alto Networks!</P> <P>&nbsp;</P> <P>I saw your post and here is the curl command please make changes based on your environment IP address.&nbsp;</P> <P><BR /><IMG src="https://ip1.i.lithium.com/aef49ee8b7b7482a7a0e84cb947ffd4bfbb0559c/68747470733a2f2f6c69746869756d2d726573706f6e73652d70726f642e73332e75732d776573742d322e616d617a6f6e6177732e636f6d2f70616c6f616c746f2d6e6574776f726b732e726573706f6e73652e6c69746869756d2e636f6d2f524553504f4e5345494d4147452f32613733373938642d393331372d343938382d383532372d3639363737623438303934652e64656661756c742e706e67" border="0" /></P> <P><BR />Below is the video link which explains CloudNGFW implementation against the Log4j attack.</P> <P><A href="https://youtu.be/OovXk4WF7vs" target="_blank" rel="noopener">https://youtu.be/OovXk4WF7vs</A></P> <P><BR />Regards,<BR />Devanshu Taneja<BR />Product specialist<BR />Palo Alto Networks<BR /><A href="https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW" target="_blank">https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW</A><BR /><STRONG>*Don’t forget to accept the solution provided!*</STRONG></P> Wed, 20 Jul 2022 19:23:45 GMT https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509417#M353 dtaneja 2022-07-20T19:23:45Z https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509469#M354 <P>Hey Taneja,</P> <P>&nbsp;</P> <P>that would be lovely if I can copy the command as it is not possible. It seems you gave me a picture?</P> Thu, 21 Jul 2022 08:24:01 GMT https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509469#M354 mderaet 2022-07-21T08:24:01Z https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509511#M356 <P>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/226856">@mderaet</a></P> <P>&nbsp;</P> <P>Greetings from Palo Alto Networks!</P> <P>&nbsp;</P> <P>I apologize I was having an issue pasting the command here.</P> <P>&nbsp;</P> <P>Please find the pdf file attached to this post which contains the curl command and please make changes in the command based on your environment IP address.</P> <P>&nbsp;</P> <P>Below is the video link which explains CloudNGFW implementation against the Log4j attack.</P> <P><A href="https://youtu.be/OovXk4WF7vs" target="_blank">https://youtu.be/OovXk4WF7vs</A></P> <P>&nbsp;</P> <P>Regards,<BR />Devanshu Taneja<BR />Product specialist<BR />Palo Alto Networks<BR /><A href="https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW" target="_blank">https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW</A><BR /><STRONG>*Don’t forget to accept the solution provided!*</STRONG></P> Thu, 21 Jul 2022 16:29:50 GMT https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509511#M356 dtaneja 2022-07-21T16:29:50Z https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509714#M357 <P>Hey Taneja,</P> <P>it does not work</P> <P>So I would like to open a support case (I have premium support) and have a zoom meeting monday to solve this.</P> <P>Thanks</P> Sat, 23 Jul 2022 11:54:42 GMT https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509714#M357 mderaet 2022-07-23T11:54:42Z https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509715#M358 <P>I would like to give you more details on this but impossible with the chat box here.</P> Sat, 23 Jul 2022 11:55:30 GMT https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509715#M358 mderaet 2022-07-23T11:55:30Z https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509718#M359 <P>Hi</P> <P>&nbsp;</P> <P>I launched this curl to an external web server (a colleague of mine)<SPAN>&nbsp;and the curl is successfull!!</SPAN></P> <P>&nbsp;</P> <P><SPAN>In cloudwatch I can see the rule which allows this curl..&nbsp; Isnt Log4J attack blocked by default?</SPAN></P> <P>&nbsp;</P> <P><SPAN>Please advise</SPAN></P> Sat, 23 Jul 2022 14:05:40 GMT https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509718#M359 mderaet 2022-07-23T14:05:40Z https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509817#M360 <P>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/226856">@mderaet</a><BR /><BR />Greetings from Palo Alto Networks!</P> <P>&nbsp;</P> <P>Log4j attack is blocked by default in CloudNGFW please make sure your CloudNGFW security profiles are set to Enabled (Best Practice).</P> <P>&nbsp;</P> <P><IMG style="width:84.92%;" src="https://ip1.i.lithium.com/2a6ee666bc3c74be9fb8f750a7f0d0cd66120616/68747470733a2f2f6c69746869756d2d726573706f6e73652d70726f642e73332e75732d776573742d322e616d617a6f6e6177732e636f6d2f70616c6f616c746f2d6e6574776f726b732e726573706f6e73652e6c69746869756d2e636f6d2f524553504f4e5345494d4147452f38613235323535322d613036302d343765372d396266632d3937336132316139303634332e64656661756c742e706e67" /></P> <P>&nbsp;</P> <P>Please refer to the below link for your reference.</P> <P><A href="https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/security-profiles" target="_blank">https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/security-profiles</A></P> <P>&nbsp;</P> <P>Regards,<BR />Devanshu Taneja<BR />Product specialist<BR />Palo Alto Networks<BR /><A href="https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW" target="_blank">https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW</A><BR />*Don’t forget to accept the solution provided!*<BR />&nbsp;</P> Mon, 25 Jul 2022 17:27:48 GMT https://live.paloaltonetworks.com/t5/cloud-ngfw-for-aws-discussions/testing-log4j-with-aws-cloud-ngfw/m-p/509817#M360 dtaneja 2022-07-25T17:27:48Z