Playbook of the Week: Automate Your Response to Zero-Day Exploitation of Atlassian Confluence
Jun 09, 2022
2 minutes
21 views
If you have Atlassian Confluence deployed, you probably have received notification of the latest security advisory on a critical vulnerability discovered by Volexity that allows for unauthenticated remote code execution on servers running Atlassian’s Confluence Server and Data Center applications. On June 2, 2022, Atlassian issued the CVE-2022-26134 advisory.
Now your team is hard at work tracking and patching this vulnerability, and we have just the automation playbook to help your team orchestrate response across your Palo Alto Networks environment and SIEMs. Reduce manual effort and speed up the patching process by using our Cortex™ XSOAR playbook to:
- Automate incident data enrichment
- Collect detection rules that indicate potential successful exploitation of the CVE-2022-26134
- Extract and tag the indicators (file, IP, CVE)
- Link indicators to incidents in your environment
- Automate threat hunting
- Search for exploitation patterns and associated indicators of compromise (IoCs) across your SIEM
- Query your Palo Alto Networks firewalls and Panorama logs for related sessions
- Search for possible vulnerable servers using Cortex® Xpanse™
- Take remediation actions
- Block indicators automatically at your PAN-OS enforcement points
- Deploy Yara and Sigma detection rules
- Install Confluence patched versions
- Surface Atlassian recommended workarounds to your team for quick follow-up
This playbook is part of the Rapid Breach Response Pack which includes various playbooks for trending vulnerabilities and threats. If you are running XSOAR 6.8 you can subscribe to pack updates and get notifications for quick response.
Rapid Response Playbook for Atlassian Confluence Zero-Day Vulnerability
For more information about the vulnerability, check out our Unit42 and Atlassian Confluence advisories. You can get more details on our playbook here.
Don’t have Cortex XSOAR? Download our free Community Edition to test out this playbook and hundreds more automations for common use cases you deal with daily in your security operations or SOC.
Related Blogs
Our library of online content is here to help you learn more, no matter what format you prefer or which topic interests you most.
Subscribe to Security Operations Blogs!
Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.