# Overview
This repository contains OpenIOC rules to facilitate hunting for indicators of compromise related to the Apache Log4j 2 remote code execution vulnerability (CVE-2021-44228).

These rules are considered hunting rules and as such detection efficacy will vary by organization. With environment-specific tuning these rules may be suitable for deployment as alerting rules. The rules are organized into two categories:

* execution - IOCs that provide evidence that something *previously executed* on the system that may be related to this CVE, such as suspicious network connections, URL requests, process executions, and file writes
* presence - IOCs related to this CVE that provide evidence that an actively running process or file is present on the system
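To make the two categories concrete, here is an added example (not code from this repository): a minimal evaluator for OpenIOC 1.0-style rule documents, with one constructed "execution" rule (a DNS lookup or a `java` process referencing a suspicious host) and one constructed "presence" rule (a `log4j-core` jar on disk). The rule IDs, the hostname `example-c2.invalid`, and the host snapshot are placeholders invented for this example; they are not indicators from the repository.

```python
# Added example: evaluate OpenIOC-style "execution" and "presence" hunting rules
# against a host snapshot. Rules and data below are constructed for illustration.
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed "execution" rule: evidence that something previously ran or connected.
# Placeholder IDs and the reserved .invalid hostname stand in for real values.
EXECUTION_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-exec-1">
  <short_description>Constructed execution IOC</short_description>
  <definition>
    <Indicator operator="OR" id="example-exec-2">
      <IndicatorItem id="example-exec-3" condition="contains">
        <Context document="DnsEntryItem" search="DnsEntryItem/Host" type="mir"/>
        <Content type="string">example-c2.invalid</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="example-exec-4">
        <IndicatorItem id="example-exec-5" condition="is">
          <Context document="ProcessItem" search="ProcessItem/name" type="mir"/>
          <Content type="string">java</Content>
        </IndicatorItem>
        <IndicatorItem id="example-exec-6" condition="contains">
          <Context document="ProcessItem" search="ProcessItem/arguments" type="mir"/>
          <Content type="string">example-c2.invalid</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>"""

# Constructed "presence" rule: a vulnerable-library artifact currently on the system.
PRESENCE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-pres-1">
  <short_description>Constructed presence IOC</short_description>
  <definition>
    <Indicator operator="AND" id="example-pres-2">
      <IndicatorItem id="example-pres-3" condition="contains">
        <Context document="FileItem" search="FileItem/FileName" type="mir"/>
        <Content type="string">log4j-core</Content>
      </IndicatorItem>
      <IndicatorItem id="example-pres-4" condition="is">
        <Context document="FileItem" search="FileItem/FileExtension" type="mir"/>
        <Content type="string">jar</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>"""

# Constructed host snapshot: records grouped by OpenIOC document type,
# each record mapping a search term to the observed value.
HOST_SNAPSHOT = {
    "DnsEntryItem": [{"DnsEntryItem/Host": "updates.example.com"}],
    "ProcessItem": [
        {"ProcessItem/name": "java", "ProcessItem/arguments": "-jar app.jar"},
        {"ProcessItem/name": "sshd", "ProcessItem/arguments": "-D"},
    ],
    "FileItem": [{"FileItem/FileName": "log4j-core.jar", "FileItem/FileExtension": "jar"}],
}


def _local(tag):
    return tag.split("}")[-1]


def _item_matches_record(item, rec):
    """Apply one IndicatorItem's condition ('is' or 'contains') to one record."""
    ctx = item.find("ioc:Context", NS)
    content = item.find("ioc:Content", NS).text or ""
    value = rec.get(ctx.get("search"))
    if value is None:
        return False
    cond = item.get("condition", "is")
    return value == content if cond == "is" else content in value


def _indicator_matches(ind, records):
    """Evaluate an Indicator node. An AND group of items is scoped to a single
    record so that, e.g., process name and arguments refer to the same process."""
    items = [c for c in ind if _local(c.tag) == "IndicatorItem"]
    subs = [c for c in ind if _local(c.tag) == "Indicator"]
    sub_results = [_indicator_matches(s, records) for s in subs]
    doc_of = lambda i: i.find("ioc:Context", NS).get("document")
    if ind.get("operator", "OR").upper() == "AND":
        items_ok = True
        if items:
            docs = {doc_of(i) for i in items}
            items_ok = len(docs) == 1 and any(
                all(_item_matches_record(i, r) for i in items)
                for r in records.get(docs.pop(), []))
        return items_ok and all(sub_results)
    return any(_item_matches_record(i, r) for i in items
               for r in records.get(doc_of(i), [])) or any(sub_results)


def evaluate_ioc(xml_text, records):
    """True if any top-level Indicator in the IOC definition matches the records."""
    definition = ET.fromstring(xml_text).find("ioc:definition", NS)
    return any(_indicator_matches(i, records)
               for i in definition.findall("ioc:Indicator", NS))


def hunt(records):
    """Run both categories of rule and report which fired."""
    return {"execution": evaluate_ioc(EXECUTION_IOC, records),
            "presence": evaluate_ioc(PRESENCE_IOC, records)}


if __name__ == "__main__":
    print(hunt(HOST_SNAPSHOT))  # {'execution': False, 'presence': True}
```

On the constructed snapshot only the presence rule fires: the jar is on disk, but nothing has contacted or referenced the placeholder host. The AND group is deliberately scoped to one record, which is the behaviour a practitioner expects when tuning a hunting rule into an alerting rule; evaluating each item independently across all processes would produce false positives.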

FireEye customers can refer to the FireEye Community for additional information on how FireEye products detect these threats.

These rules are provided freely to the community without warranty.