CVE-2021-27065 Detection
Summary
This remote monitor will look for results in PROGRAMFILES/Microsoft/Exchange Server/V15/Logging/ECP/Server/*.log files and will write the result as "Issue found" or "Status Good." This remote monitor was created to check the initial portion of the Microsoft Exchange Server Remote Code Execution Vulnerability that emerged in March 2021.
Details
Suggested "Limit to": Exchange Servers
Suggested Alert Style: Once
Suggested Alert Template: Default - Create Automate Ticket
Insert the details of the monitor in the table below.
| Check Action | Server Address | Check Type | Check Value | Comparator | Interval | Result |
|---|---|---|---|---|---|---|
| Look below | 127.0.0.1 | Run File | System | Contains | 3600 S | Status Good |
Target
Exchange Servers