Last, verify

$sudo docker exec vulnerable-app ls -la /tmp

Sentinel Detection

The next step is to make sure that you can see the POC and the command that you have run before. To know what is going on with your lab environment, make sure to forward platform logs to your Microsoft Sentinel. Once you have platform logs on your Microsoft Sentinel, you can use the hunting rules and other queries to detect the JNDI malicious actions.


Sentinel Log4j


Hunting Log4j With Sentinel (

Kali Linux On Azure – Install Guide

welk1n/JNDI-Injection-Exploit: JNDI注入测试工具