Analytics Story: Confluence Data Center and Confluence Server Vulnerabilities

Date: 2024-01-22 ID: 509387a5-ab53-4656-8bb5-4bc8c2c074d9 Author: Michael Haag, Splunk Product: Splunk Enterprise Security

The following analytic story covers use cases for detecting and investigating potential attacks against Confluence Data Center and Confluence Server.

The analytic story of Confluence Data Center and Confluence Server encompasses a comprehensive approach to safeguarding these platforms from a variety of threats. By leveraging the analytics created in the project, security teams are equipped to detect, investigate, and respond to potential attacks that target Confluence environments.

Name ▲▼ Technique ▲▼ Type ▲▼
Confluence Data Center and Server Privilege Escalation Exploit Public-Facing Application TTP
Confluence Pre-Auth RCE via OGNL Injection CVE-2023-22527 Exploit Public-Facing Application TTP
Confluence Unauthenticated Remote Code Execution CVE-2022-26134 Server Software Component, Exploit Public-Facing Application, External Remote Services TTP
Name ▲▼ Platform ▲▼ Sourcetype ▲▼ Source ▲▼
Nginx Access N/A nginx:plus:kv /var/log/nginx/access.log
Palo Alto Network Threat Network icon Network pan:threat pan:threat
Suricata N/A suricata suricata

Source: GitHub | Version: 1