For details on cookie usage on our site, read our Privacy Policy
XQL Query to identify Log4j impacted systems CVE-2021-44228
- LIVEcommunity
- Discussions
- Security Operations
- Cortex XDR Discussions
- XQL Query to identify Log4j impacted systems CVE-2021-44228
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
XQL Query to identify Log4j impacted systems CVE-2021-44228
- Mark as New
- Subscribe to RSS Feed
- Permalink
12-12-2021 12:52 PM
Hello
I am wanting to use XQL and file search to identify any effected machines. searching for files that contain the word log4j results in exceeding maximum results. Has any one developed a query for this yet thats more accurate?
- Mark as New
- Subscribe to RSS Feed
- Permalink
12-17-2021 06:14 AM
Hello,
Is there a possibility to extend the xql search to the firewall logs "Session end reason"? Because, if i see sesssion end reason Threat, then i'm not interested because it is blocked. But in the xdr_data dataset is the session end reason not present.
How can Cortex XDR stiching the Agent Logs togther with the firewall logs? Do they build a key in both datasets, like time, srcIP,dstIP, srcPort,dstPort,Protocol?
- Network Traffic analysis in Cortex XDR Discussions
- how to specify Cloud Info "vpc-id" in Endpoint Group? in Cortex XDR Discussions
- Compliance Processes for Cortex XDR in Cortex XDR Discussions
- Local Malware Analysis in Cortex XDR Discussions
- Compile Payload Source Code Locally in Cortex XDR Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
