January 5, 2022
Shortly before the December holidays, a vulnerability in the ubiquitous Log4J library arrived like the Grinch, Scrooge, and Krampus rolled into one monstrous bundle of Christmas misery. Log4J maintainers went to work patching the vulnerability, and security teams scrambled to protect millions of exposed applications before they got owned. At Cribl, we put together multiple resources to help security teams detect and prevent the Log4J vulnerability using Cribl Stream. To collect everything in one place, here’s what we put together:
This blog post from Igor Gifrin breaks down the exploit, then goes into how you can use Cribl Stream to route malicious Log4J attempts to a safe location for investigation and remediation.
Ed Bailey and I did a live stream where we went deeper into LogStream’s features, showing not only how to detect Log4J attacks, but also how to enrich inbound data with GeoIP information and how to use LogStream’s lookup capabilities to quickly update a database of compromised hosts, or indicators of compromise (IOCs).
Since IT executives are busy, we also put together a one-page solution brief describing the vulnerability and how Stream’s unique features help security teams respond to the threat.
Lastly, we did a quick video summarizing the exploit, the scope of the threat, and where Cribl Stream fits in.
If you’re working on the Log4J vulnerability and need a hand with Stream in your environment, please drop into the Cribl Community Slack. We’re here to help. If you need Stream, it’s available for free either in the cloud or as software, and our sandboxes offer a great way to try the product with sample data.