The famous Log4Shell vulnerability, known since December 2021, has impacted many Java servers using Log4j services. Since then, many obfuscation techniques have been used to evade IPS inspection.
The Stormshield Customer Security Lab (SCSL) team has published a new signature for SNS appliances, which improves the detection of exploit attempts. With this update, the following signatures should all be enabled to optimize your protection:
| ID | Name |
| --- | --- |
| http:client:header.217 | Log4j2 RCE attempt using JNDI on HTTP header (CVE-2021-44228) |
| http:client:header.218 | DoS attempt on a Log4j2 service using malicious HTTP header (CVE-2021-45046) |
| http:client:header.219 | DoS attempt on a Log4j2 service using malicious HTTP header (CVE-2021-45105) |
| http:client:data.160 | Log4j2 RCE attempt using JNDI on HTTP POST request (CVE-2021-44228) |
| http:client:data.161 | DoS attempt on a Log4j2 service using malicious HTTP POST request (CVE-2021-45046) |
| http:client:data.162 | DoS attempt on a Log4j2 service using malicious HTTP POST request (CVE-2021-45105) |
| http:url:decoded.420 | Log4j2 RCE attempt using JNDI on HTTP argument (CVE-2021-44228) |