I’ve created a search to show all the log4j-related events by looking into the strings. We are trying to dig into the events and schedule an alert.
Are there any particular messages we should check in the events for the log4j vulnerability? Any particular events that have a high risk factor?
Thanks in advance.
Thanks for the quick response.
Could you send me the link to this channel? I couldn’t seem to find it.
Also, if you have any documents regarding my question, please send them over. TIA
Here is a link to the Slack channel: https://splunk-usergroups.slack.com/archives/C02QJCLUFD4
And some other blogs / information about it