IBM QRadar

  • 1.  Can we detect any attempt from zero-day CVE-2021-44228 by using Qradar?

    Posted Mon December 13, 2021 04:11 AM

    If we want to detect any attempt using the zero-day CVE-2021-44228, can we use QRadar to detect it?

    Thanks.



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Can we detect any attempt from zero-day CVE-2021-44228 by using Qradar?
    Best Answer

    Posted Mon December 13, 2021 11:45 AM

    Hi,

    The simple answer to this question (if it was a question?!) is: it depends...

    There are many dependencies and prerequisites to consider: degree of maturity of the SIEM, SIEM strategy, knowledge of critical assets, SIEM scope (related Java log records in scope?), vulnerability management, network activity (correlation to log records)...

    BSI listed some updated measures on how to deal with this situation:

    https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3

    In addition to that you should then be able to tune searches or rules to monitor related patterns and movements.

    This could increase the likelihood of recognizing traces of movement with QRadar...

    It provides a very sophisticated instrument kit to approach a suitable approach.

    I'm not saying it's easy... :)

    Regards,

    Ralph



    #QRadar
    #Support
    #SupportMigration


  • 3.  RE: Can we detect any attempt from zero-day CVE-2021-44228 by using Qradar?
    Best Answer

    Posted Mon December 13, 2021 06:29 PM
    There is a blog post available on how to use QRadar for detection of Log4Shell activity:

    https://community.ibm.com/community/user/security/blogs/adam-frank/2021/12/13/detection-of-log4shell-using-qradar



    #QRadar
    #Support
    #SupportMigration