Forum Discussion
seamlessfirework
Oct 13, 2023Cirrus
I had the same question. I create a custom signature set with all the recommended Log4J Signatures with this JSON body
{
"name": "attack-signatures-log4j",
"assignToPolicyByDefault": true,
"defaultAlarm": true,
"type": "manual",
"isUserDefined":true,
"accuracyValue": "high",
"signatureReferences": [
{
"link": "https://localhost/mgmt/tm/asm/signatures/FzyRtmjEB-RDeYxdV22Wcg"
},
{
"link": "https://localhost/mgmt/tm/asm/signatures/6GEkbeeViqG1i1bCMLXdOA"
},
{
"link": "https://localhost/mgmt/tm/asm/signatures/TDtAdP40B84UaYXLhMgIew"
},
{
"link": "https://localhost/mgmt/tm/asm/signatures/rYiJHZdAYt0dhXlbxFVXFQ"
},
{
"link": "https://localhost/mgmt/tm/asm/signatures/tOd2EOQdCzetaf2U3fHdKg"
},
{
"link": "https://localhost/mgmt/tm/asm/signatures/r1KtsZ7eOufX3tm3P1rhUA"
},
{
"link": "https://localhost/mgmt/tm/asm/signatures/NQyazwn_x4RzMCHvqv4GBw"
},
{
"link": "https://localhost/mgmt/tm/asm/signatures/T-E0ExygzH1O3DNShs3QtA"
},
{
"link": "https://localhost/mgmt/tm/asm/signatures/MFZSx7kIuGwhZDl8Vq85gA"
}
],
"defaultLearn": false,
"defaultBlock": true
}