https://community.splunk.com/t5/Monitoring-Splunk/Splunk-log4j/m-p/581747#M8776 <P>Hello Splunkers,</P><P>I’ve created a search to show up all the log4j related events by looking into the strings. We are trying to dig into the events and schedule an alert.</P><P>Are there any particular messages we should check in the events for log4j vulnerability? Any particular events that has high risk factor?&nbsp;<BR /><BR /></P><P>thanks in advance.&nbsp;</P> Wed, 19 Jan 2022 21:11:41 GMT revanthammineni 2022-01-19T21:11:41Z https://community.splunk.com/t5/Monitoring-Splunk/Splunk-log4j/m-p/581747#M8776 <P>Hello Splunkers,</P><P>I’ve created a search to show up all the log4j related events by looking into the strings. We are trying to dig into the events and schedule an alert.</P><P>Are there any particular messages we should check in the events for log4j vulnerability? Any particular events that has high risk factor?&nbsp;<BR /><BR /></P><P>thanks in advance.&nbsp;</P> Wed, 19 Jan 2022 21:11:41 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-log4j/m-p/581747#M8776 revanthammineni 2022-01-19T21:11:41Z https://community.splunk.com/t5/Monitoring-Splunk/Splunk-log4j/m-p/581766#M8777 There are examples and discussions on Splunk Slack on channel #log4jstuff. Wed, 19 Jan 2022 22:03:37 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-log4j/m-p/581766#M8777 isoutamo 2022-01-19T22:03:37Z https://community.splunk.com/t5/Monitoring-Splunk/Splunk-log4j/m-p/581785#M8778 <P>Thanks for the quick response.<BR />Could you send me the link to this channel. I couldn’t seem to find it.</P><P>Also, If you have any documents regards to my question, Please send them over. TIA</P> Wed, 19 Jan 2022 23:04:18 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-log4j/m-p/581785#M8778 revanthammineni 2022-01-19T23:04:18Z https://community.splunk.com/t5/Monitoring-Splunk/Splunk-log4j/m-p/581834#M8779 <P>Here is a link to Slack channel <A href="https://splunk-usergroups.slack.com/archives/C02QJCLUFD4" target="_blank">https://splunk-usergroups.slack.com/archives/C02QJCLUFD4</A></P><P>And some other blogs / information about it</P><UL><LI><A href="https://www.splunk.com/en_us/cyber-security/log4shell-log4j-response-overview.html" target="_blank">https://www.splunk.com/en_us/cyber-security/log4shell-log4j-response-overview.html</A></LI><LI><A href="https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html" target="_blank">https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html</A></LI><LI><A href="https://www.splunk.com/en_us/blog/security/log4shell-detecting-log4j-vulnerability-cve-2021-44228-continued.html" target="_blank">https://www.splunk.com/en_us/blog/security/log4shell-detecting-log4j-vulnerability-cve-2021-44228-continued.html</A></LI><LI><A href="https://www.splunk.com/en_us/blog/security/log-jammin-log4j-2-rce.html" target="_blank">https://www.splunk.com/en_us/blog/security/log-jammin-log4j-2-rce.html</A></LI></UL><P>&nbsp;</P> Thu, 20 Jan 2022 06:40:47 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-log4j/m-p/581834#M8779 isoutamo 2022-01-20T06:40:47Z