It might be a new year, but we still have the same old problems. Log4j, like COVID-19 and its many variants, is still circulating our collective ecosystem.
If you’re worried you might be at risk, here’s a helpful list of scanners and tools dedicated to looking for Log4j:
- Amazon Inspector and AWS – Made for scanning Amazon EC2 instances and Amazon Elastic Container Registry images, this tool automates scanning and runs continuously. Scanning is driven by things like the installation of new software packages, and the publication of new common vulnerability and exposure (CVEs).
- Arctic Wolf – Publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.
- Bi.Zone – Also on on GitHub, Bi.Zone’s tool scans the memory of Java processes for Log4j signatures. The scanner functions directly on the host, rather than through the Internet. The scan output is a list of hosts that contain applications with Log4j, which enables MSSPs and users to personally check if the library version is vulnerable.
- CISA: The Cybersecurity and Infrastructure Security Agency (CISA) modified a Log4J scanner created by security company FullHunt and got help from other researchers like Philipp Klaus and Moritz Bechler, ZDnet reported.
- CrowdStrike: The company released a free Log4J scanner called CrowdStrike Archive Scan Tool (CAST).
- CyberCNS: The company’s vulnerability scanner supports detection of the Log4j vulnerability, according to a CyberCNS home page message. Hundreds of MSPs and MSSPs run the CyberCNS Vulnerability Manager to help small businesses meet regulatory and compliance frameworks, the company says.
- Cyrisma: The cybersecurity posture management platform offers this Log4j vulnerability mitigation technology for MSPs, MSSPs, information security consulting firms and incident response firms.
- Datto, the MSP software, backup appliance and technology provider, has created the Log4Shell Enumeration, Mitigation and Attack Detection Tool for Windows and Linux. The tool downloads and executes the latest detection methods published by Florian Roth.
- F-Secure: The company’s F-Secure Elements Vulnerability Management platform allows MSPs and MSSPs to identify Log4j vulnerabilities.
- Huntress: The MDR provider to MSPs and MSSPs introduced this Log4Shell vulnerability tester.
- Liongard: The automation software company, focused on MSPs, released a Log4j Audit report within the Liongard platform to make it easy for partners to see how the Log4j vulnerabilities are impacting their customers and their systems, Liongard to MSSP Alert.
- Microsoft Defender for Endpoint: Multiple updates… The Microsoft 365 Defender portal now features a consolidated Log4j dashboard to help customers identify and remediate files, software and devices that are exposed to the Log4j vulnerabilities. Source: Microsoft.Microsoft has updated the Threat and Vulnerability Management capabilities in Microsoft Defender for Endpoint to surface Log4j library components that are vulnerable to CVE-2021-44228. These capabilities automatically discover vulnerable Log4j libraries in products and services installed on Windows clients and Windows servers.
- Qualys is making its Web Application Scanning (WAS) solution available free for 30 days, beginning December 17, 2021. The tool can scan web applications and APIs for the Log4Shell (CVE-2021-44228) vulnerability, Qualys included.
- Sonatype: The supply chain software security company says its Nexus Open Source Vulnerability Scanner allows partners to spot the Log4j vulnerability.
- Tenable: The company has released scan templates for Tenable.io, Tenable.sc, Tenable.io WAS and Nessus Professional which are p”re-configured to allow quick scanning for this vulnerability.” Dashboards are also available in Tenable.io and Tenable.sc.
- Trend Micro Log4j Vulnerability Tester: This web-based tool can help identify server applications that may be affected by the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerability.
Bonus – Log4j Guidance From CISA: Here is regularly updated Log4j vulnerability mitigation guidance from the CISA(Cybersecurity and Infrastructure Security Agency).
