Snort mailing list archives

Additional Info on Log4J Rules


From: "Chapman, Sean via Snort-sigs" <snort-sigs () lists snort org>
Date: Mon, 14 Feb 2022 23:15:00 +0000

Hello all,
I'm looking to find out if anyone has information on the logic behind some of the Snort rules associated with Log4J detection. I can successfully trigger these rules by sending a crafted GET request with a jndi:ldap:// query in the header, and then the 5 rules (58723, 58726, 58737, 58742, 58743) are triggered on the Firepower appliance and the packets are dropped, but I cannot find anywhere that says WHY the packets are dropped beyond that it's detecting rules for Log4J exploitation.

The 5 all have the same level of detail listed, such as this one:
https://www.snort.org/rule_docs/1-58723

Any docs or places I missed to look for the details would be super helpful.
Thanks!


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most emerging threats: https://snort.org/downloads/#rule-downloads
