This repository contains OpenIOC rules to facilitate hunting for indicators of compromise related to the Apache Log4j 2 remote code execution vulnerability (CVE-2021-44228).
These rules are considered hunting rules, and as such their detection efficacy will vary by organization. With environment-specific tuning, these rules may be suitable for deployment as alerting rules. The rules are organized into two categories:
FireEye customers can refer to the FireEye Community (community.fireeye.com) for additional information on how FireEye products detect these threats.
These rules are provided freely to the community without warranty.