
Summary
This detection rule identifies outbound network connections initiated by Java processes to the default ports associated with LDAP (389, 636) and RMI (1099, 1389). Such activity may indicate exploitation attempts related to the Log4j vulnerability (CVE-2021-44228). The rule relies on logs from Endpoint Detection and Response (EDR) agents and highlights the importance of monitoring network traffic and process behaviour, particularly for Java applications. If successful, such connections could allow an attacker to execute remote commands or retrieve malicious payloads, which represents a significant security risk in compromised environments. The implementation joins process information with network traffic data to flag unusual outbound activity originating from Java applications.
Categories
- Endpoint
Data Sources
- Process
- Network Traffic
ATT&CK Techniques
- T1190
- T1133
Created: 2024-11-13
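The following is an added example, not part of the rule itself, showing the detection logic described above applied to constructed EDR-style records: a Java process making an outbound connection to one of the four listed ports is flagged, and hits are aggregated per host and process. The record fields, the set of Java image names and the sample events are assumptions for illustration.

```python
"""Added example (not the original rule): flag outbound connections from
Java processes to default LDAP/RMI ports over constructed EDR records."""
from dataclasses import dataclass

# Destination ports named by the rule.
LDAP_RMI_PORTS = {389, 636, 1099, 1389}
# Process image names treated as Java (assumed; extend per environment).
JAVA_IMAGES = {"java", "java.exe", "javaw.exe"}


@dataclass(frozen=True)
class NetEvent:
    """One joined process + network-traffic record (field names assumed)."""
    host: str
    process_name: str
    pid: int
    dest_ip: str
    dest_port: int
    direction: str  # "outbound" or "inbound"


def is_java(process_name: str) -> bool:
    return process_name.lower() in JAVA_IMAGES


def matches(ev: NetEvent) -> bool:
    """True when the event satisfies all of the rule's conditions."""
    return (ev.direction == "outbound"
            and is_java(ev.process_name)
            and ev.dest_port in LDAP_RMI_PORTS)


def detect(events):
    """Aggregate matching events so one alert covers each (host, process, pid)
    together with every LDAP/RMI destination it contacted."""
    hits = {}
    for ev in events:
        if matches(ev):
            key = (ev.host, ev.process_name, ev.pid)
            hits.setdefault(key, set()).add(f"{ev.dest_ip}:{ev.dest_port}")
    return hits


# Constructed sample telemetry (not real traffic).
SAMPLE_EVENTS = [
    NetEvent("web01", "java", 4242, "203.0.113.10", 1389, "outbound"),
    NetEvent("web01", "java", 4242, "203.0.113.10", 389, "outbound"),
    NetEvent("web01", "java", 4242, "10.0.0.5", 8080, "outbound"),   # other port
    NetEvent("dc01", "lsass.exe", 700, "10.0.0.9", 389, "outbound"),  # not Java
    NetEvent("web02", "javaw.exe", 1234, "198.51.100.7", 1099, "outbound"),
    NetEvent("web02", "java", 1235, "10.0.0.5", 636, "inbound"),      # not outbound
]

if __name__ == "__main__":
    for (host, proc, pid), dests in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {host} {proc}[{pid}] -> {sorted(dests)}")
```

Java applications that legitimately authenticate against an internal directory will also connect to 389/636, so in practice the matched destinations are compared against known directory servers before alerting.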