Testing Log4J with AWS Cloud NGFW

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Testing Log4J with AWS Cloud NGFW

L2 Linker

Hi,

 

what is the curl command in AWS EC2 to test if Log4J is well blocked by my AWS Cloud NGFW?

1 accepted solution

Accepted Solutions

Hello @mderaet

Greetings from Palo Alto Networks!

 

Log4j attack is blocked by default in CloudNGFW please make sure your CloudNGFW security profiles are set to Enabled (Best Practice).

 

 

Please refer to the below link for your reference.

https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/security-pro...

 

Regards,
Devanshu Taneja
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
*Don’t forget to accept the solution provided!*
 

View solution in original post

7 REPLIES 7

L3 Networker

Hello @mderaet
 

Greetings from Palo Alto Networks!

 

I saw your post and here is the curl command please make changes based on your environment IP address. 



Below is the video link which explains CloudNGFW implementation against the Log4j attack.

https://youtu.be/OovXk4WF7vs


Regards,
Devanshu Taneja
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
*Don’t forget to accept the solution provided!*

Hey Taneja,

 

that would be lovely if I can copy the command as it is not possible. It seems you gave me a picture?

Hello @mderaet

 

Greetings from Palo Alto Networks!

 

I apologize I was having an issue pasting the command here.

 

Please find the pdf file attached to this post which contains the curl command and please make changes in the command based on your environment IP address.

 

Below is the video link which explains CloudNGFW implementation against the Log4j attack.

https://youtu.be/OovXk4WF7vs

 

Regards,
Devanshu Taneja
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
*Don’t forget to accept the solution provided!*

Hey Taneja,

it does not work

So I would like to open a support case (I have premium support) and have a zoom meeting monday to solve this.

Thanks

L2 Linker

I would like to give you more details on this but impossible with the chat box here.

L2 Linker

Hi

 

I launched this curl to an external web server (a colleague of mine) and the curl is successfull!!

 

In cloudwatch I can see the rule which allows this curl..  Isnt Log4J attack blocked by default?

 

Please advise

Hello @mderaet

Greetings from Palo Alto Networks!

 

Log4j attack is blocked by default in CloudNGFW please make sure your CloudNGFW security profiles are set to Enabled (Best Practice).

 

 

Please refer to the below link for your reference.

https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/security-pro...

 

Regards,
Devanshu Taneja
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
*Don’t forget to accept the solution provided!*
 

  • 1 accepted solution
  • 6150 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!