SolarWinds Orion Vulnerability
Learn more about the recent SolarWinds Orion Vulnerability here: https://www.sonicwall.com/support/product-notification/201215115842243/
SonicWall also has confirmed it is not using a vulnerable SolarWinds Orion product and is not impacted by this threat.
SonicWall Capture Labs threat researchers have investigated the vulnerability and published four signatures that identify malicious activity against affected SolarWinds Orion versions, and two additional application notifications that detect if an organization has SolarWinds Orion deployed within its network. These signatures are applied automatically to SonicWall firewalls with active security subscriptions:
- 15292: BACKDOOR SolarWinds Supply Chain Malware Activity 1
- 15293: BACKDOOR SolarWinds Supply Chain Malware Activity 2
- 15294: BACKDOOR SolarWinds Supply Chain Malware Activity 3
- 15295: BACKDOOR SolarWinds Supply Chain Malware Activity 4
- 15296: BUSINESS-APPS SolarWinds Orion (API Activity)
- 2014: BUSINESS-APPS SolarWinds Orion (Update Activity)
@micah - SonicWall's Self-Service Sr. Manager
Thank you for the update on the Signature Files. Can you tell me how I would be able to recognize any activity via the SonicWall Console for Traffic related to this Threat?
Hi @brentr ,
I hope you are safe and well!
You should be able to see the logs related to IPS prevention and detection by enabling it under MANAGE | Log Settings | Base Setup.
Knowledge Management Senior Analyst at SonicWall.