Last Update: Sep 04, 2024 | Published: Dec 22, 2021
Microsoft has announced some important updates for Microsoft Sentinel, its scalable cloud-native SIEM tool that provides AI-powered security analytics in enterprise environments. The Redmond giant has launched a new solution in public preview that should help IT Admins to detect Apache Log4j vulnerabilities.
Last week, Microsoft acknowledged the emergence of an Apache Log4j vulnerability (CVE-2021-44228) that is currently being exploited by threat actors to install malwares by gaining remote access to compromised devices. “The vulnerability allows unauthenticated remote code execution and is triggered when a specially crafted string provided by the attacker through a variety of different input vectors is parsed and processed by the Log4j 2 vulnerable component,” the company explained.
With the new Log4j exploit detection tool, Microsoft is offering enterprise customers a complete solution to easily track, monitor, as well as investigate the Log4Shell exploit targeting the Log4j flaw. Specifically, IT admins will be able to access the new Log4j exploit detection solution via Microsoft Sentinel Content Hub.
However, a Microsoft representative has confirmed that enterprise customers with active Microsoft Sentinel subscriptions will have to download and install the tool from GitHub manually. “Solutions can’t be deployed into subscriptions from Microsoft Azure Cloud Solution Providers. However, you can manually add these detections into your workspace from our Github repo,” said Sarah Young, Senior Program Manager for Azure Security at Microsoft.
To deploy the new Log4j exploit detection tool, IT Admins will need to follow these steps:
Microsoft is still investigating the Log4j vulnerability, and it’s recommending enterprise customers check for the latest updates regularly. The company is also keeping track of all the indicators of compromise (IOCs) related to the Log4j security flaw on the Microsoft Threat Intelligence Center (MSTIC), and you can find the full list on this GitHub page.