corelight/cve-2021-44228

Issues

• Sensitive_Signature notices should be surprressed

  #54 opened 8 months ago by pauldokas
  0

• Need a check on c$http$user_agent

  #47 opened 3 years ago by keithjjones
  1

• Add pcaps to btest for diverse checking

  #41 opened 3 years ago by benjeems
  0

• sniffed mime-type not populated in time, results in edge-case FN

  #42 opened 3 years ago by benjeems
  0

• Add links to accompanying blogs that explain the detection algorithms

  #39 opened 3 years ago by benjeems
  0

• add id_orig_h and id_resp_h to log4j.log

  #36 opened 3 years ago by benjeems
  2

• log4j.log field naming considerations

  #38 opened 3 years ago by dwdixon
  1

• Parses wrong payload IP

  #30 opened 3 years ago by ynadji
  2

• Improve parsing test coverage

  #32 opened 3 years ago by ynadji
  0

• LDAPS fingerprinting

  #28 opened 3 years ago by benjeems
  0

• DNS exfil regexes

  #27 opened 3 years ago by benjeems
  0

• Add history field to the notice and/or log4j

  #23 opened 3 years ago by abousteif
  1

• README updates to explain DPD sig work

  #19 opened 3 years ago by ynadji
  1

• Cater for payload obfuscation tags

  #6 opened 3 years ago by benjeems
  0

• whitelist known-good scanners

  #9 opened 3 years ago by benjeems
  0

• Reporter errors "field value missing (CVE_2021_44228::c$http$uri)"

  #4 opened 3 years ago by dwdixon
  4

• Env vars in URL

  #12 opened 3 years ago by ynadji
  0

• Remove FPs associated with use of ${ indicator

  #10 opened 3 years ago by benjeems
  0

• LOG4J_RCE tag is added to all http log entries

  #13 opened 3 years ago by JustinAzoff
  0

• Detect activity to payload IP:port, indicating exploit was successfull

  #8 opened 3 years ago by benjeems
  0

• Watch for a DNS lookup when domain name is used in payload

  #7 opened 3 years ago by benjeems
  0