Update Hunting Queries/MultipleDataSources/NetworkConnectionldap_log4j.yaml

Co-authored-by: sergevanhaag <84989429+sergevanhaag@users.noreply.github.com>
aprakash13 2021-12-29 15:25:01 -08:00 committed by GitHub
Parent fbea5ace5b
Commit da3b384cb1
No key found matching this signature
GPG key ID: 4AEE18F83AFDEB23
1 changed file: 1 addition and 1 deletion


@ -1,7 +1,7 @@
id: 19abc034-139e-4e64-a05d-cb07ce8b003b
name: Malicious Connection to LDAP port for CVE-2021-44228 vulnerability
description: |
'This hunting query looks for connection to the most common LDAP ports to find possible exploitation attempts for CVE-2021-44228 involving log4j vulnerability.
'This hunting query looks for connection to the default LDAP ports to find possible exploitation attempts for CVE-2021-44228 involving log4j vulnerability.
The attack is not limited only to these ports. Log4j is an open-source Apache logging library that is used in many Java-based applications.
Awareness of normal baseline traffic of an environment for java.exe while using this query will help determine normal from anomalous.
Refrence: https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/'
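Review bot: the unchanged context line `Refrence: https://www.microsoft.com/security/blog/...` at the end of this hunk still carries the typo "Refrence"; since this commit already rewrites the description block, correct it to "Reference:" in the same change rather than leaving it for a follow-up. While touching the description, "looks for connection to the default LDAP ports" would read better as "looks for connections to the default LDAP ports", matching the plural "ports" and the later sentence "The attack is not limited only to these ports."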