On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache Log4j 2, called Log4Shell, was identified as being exploited in the wild. Public proof of concept (PoC) code was released, and subsequent investigation revealed that exploitation was incredibly easy to perform.
In this Log4Shell incident response dramatization, we feature three SOC personas: a threat hunter, a tier 2 SOC analyst, and a director of vulnerability management.
From the user viewpoint of the Cortex XDR console, each team member goes through their respective steps of investigation, hunting for IOCs, and “search and destroy” by sweeping across all endpoints to block and remove malicious files.