Detecting Log4Shell with Wazuh


Pilar Quesada Torres

Dec 17, 2021, 5:49:43 AM
to Wazuh mailing list
We want to share with you our latest blog post on how to protect your system against the critical Log4Shell vulnerability.


Feel free to share your thoughts and recommendations with us. 

Best regards,
The Wazuh team. 

Lee Seeman

Dec 17, 2021, 1:41:26 PM
to Wazuh mailing list
We already have a vulnerability management system to detect vulnerable Apache versions. But we would like Wazuh to detect Log4Shell exploit attempts/attacks. Can we implement the rule and default group agent conf separately without SCA policy? Also, how can we also detect exploits on Windows systems with Apache?

Darwin Chavez

Dec 21, 2021, 5:27:03 PM
to Wazuh mailing list
Hi,

I have the next issue when I try to apply the rule:

 Wazuh-logtest error -1:
        ERROR: (1227): Error applying XML variables 'etc/rules/local_rules.xml': XMLERR: Unknown variable: '\{\S*\w\}\S*)+'..

It is like it took "$\{\S*\w\}\S" as a variable in the regex.

Anyone else with that problem?
