Log4J/Log4Shell Auditing
Purpose
To present information about possible Log4Shell vulnerabilities and attacks on Automate agents.
Associated Content
| Content | Type | Function | 
|---|---|---|
| SEC - Endpoint Protection - Custom Table - plugin_proval_log4jsoftwarelist | | |
| SEC - Endpoint Protection - Dataview - Log4J - Log4Shell - Possible Vulnerabilities | Dataview | Displays possible discovered software that is vulnerable. | 
| SEC - Endpoint Protection - Script - Import Log4Shell Table | Script | Wraps the Import-Log4JTable agnostic script (SEC - Endpoint Protection - Agnostic - Import-Log4JTable) and stores it in a custom table. |
| SEC - Endpoint Protection - Script - Log4J (Log4Shell) File Scan | Script | This script is used to scan for possible vulnerabilities in a target system, saving information to EDFs for reporting. | 
| SEC - Endpoint Protection - Dataview - Log4J - Log4Shell - Detections | Dataview | Displays information about the EDFs filled by SEC - Endpoint Protection - Script - Log4J (Log4Shell) File Scan. These EDFs indicate vulnerability information about the Log4J/Log4Shell exploit. | 
| CWM - Automate - Script - Log4J Remediation Residue Removal | Script | Removes the residuals left by the Log4J (Log4Shell) File Scan script, including the Everything service. |