Log4j LogJam vulnerability checker

Jeff Lorenzen
Jeff Lorenzen Boulder, COMember CHOCOLATE MILK
edited January 24 in Solutions

Version: VSA 9.x, Windows

Description: Searches all Windows partitions for *log4j*.jar* which will be an indicator that the endpoint is utilizing Log4Shell. Sends an alarm to the endpoint, attaches results in GetFile

Instructions : Upload XML to your private folder and test before making public. Create a dummy file in a directory to get a positive result Alternatively add sendEmail to feed an alert to your PSA/Ticketing system. Reference: https://nakedsecurity.sophos.com/2021/12/13/log4shell-explained-how-it-works-why-you-need-to-know-and-how-to-fix-it/


Comments

  • Rob
    Rob Member CHOCOLATE MILK

    Thank you for this. I have imported successfully and running fine.

    Do you possibly have some steps to add the alert so we can know which systems are affected without reviewing txt files?

    Much appreciated.

  • Rob
    Rob Member CHOCOLATE MILK

    Thank you for this. I have imported successfully and running fine.

    Do you possibly have some steps to add the alert function so we don't have to review txt files?

  • Rob
    Rob Member CHOCOLATE MILK
    edited December 2021