Monitoring Splunk

Splunk log4j

revanthammineni
Path Finder

Hello Splunkers,

I’ve created a search to show up all the log4j related events by looking into the strings. We are trying to dig into the events and schedule an alert.

Are there any particular messages we should check in the events for log4j vulnerability? Any particular events that has high risk factor? 

thanks in advance. 

Labels (1)
Tags (2)
0 Karma

isoutamo
SplunkTrust
SplunkTrust
There are examples and discussions on Splunk Slack on channel #log4jstuff.
0 Karma

revanthammineni
Path Finder

Thanks for the quick response.
Could you send me the link to this channel. I couldn’t seem to find it.

Also, If you have any documents regards to my question, Please send them over. TIA

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...