How Tanium Can Help With the Log4j Vulnerability

Captions
A zero-day vulnerability involving the Apache Log4j2 utility was publicly disclosed on December 9th, 2021. Log4j2 versions prior to 2.15.0 are vulnerable to an unauthenticated remote code execution vulnerability identified as CVE-2021-44228. Log4j2 is an open source Java logging library that is incorporated in many enterprise applications, open source software, and potentially as a dependency in many other services. The prevalence of configuration and installation variables makes this vulnerability extremely challenging to identify. However, with Tanium you get real-time visibility and control to quickly identify and remedy your environment.

Tanium customers have several methods of identifying instances of this vulnerability in their environment, but we won't go into all of them in this video. We will demonstrate the use of both Tanium Reveal and Tanium Index to find Log4j instances. If you are not an existing Tanium Threat Response or Tanium Reveal customer, please reach out to Tanium support at the link provided to discuss available options, and be sure to check out the article at the end of this video for more details. Now let's start the demo.

This vulnerability can be exploited in running Apache Log4j2 instances between version 2.0-beta9 and 2.14.1 where the log4j2.formatMsgNoLookups system property is set to false. The vulnerable features are disabled by default in Apache Log4j2 v2.15.0. For machines that are running Tanium's Index component, the index-files detail sensor can help identify Apache Log4j2 JAR files and their versions. This question provides details about Apache Log4j2 core JAR files, including the directory path, version string, size, and hash. Not all instances found from this question should be considered vulnerable; however, the results can help identify which systems and file locations are potential targets for mitigation or should be investigated further.

Tanium Reveal is capable of looking inside files for the purpose of finding sensitive data. Customers can leverage the extensible functionality of Tanium Reveal to identify evidence of vulnerable Log4j instances, including those that have been repackaged by third-party vendors. Here we can search within JAR, EAR, and WAR files for the use of the Log4j library. The results of this search will show you a list of endpoints with files containing the string. Here we can select the computer listed to view the results. Then you are able to select the files to view the instances of Log4j within them. In some cases it may make sense to refine your search by adding regular expressions and validations. Please refer to the Tanium community article for specific examples, or speak with your technical account manager. Here you can see some results from defined regular expressions.

This vulnerability is very unique, as it can be hidden within vendor software, also known as a supply chain vulnerability. While companies may be scrambling to research whether their products are vulnerable, with Tanium Reveal you'll know with certainty. If you are an existing customer but not an existing Tanium Threat Response or Tanium Reveal customer, please reach out to Tanium support to discuss available options. If you are new to Tanium and would like to see how we can help your organization, you can test drive Tanium at try.tanium.com. Know everything on your endpoints, control them now, and fix them fast. Tanium: the power of certainty.
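The kind of search the captions describe (looking inside JAR, EAR and WAR files for bundled or repackaged log4j-core copies) can be sketched as follows. This is an added example, not part of the video and not Tanium's code; it assumes log4j-core's standard Maven metadata path and JndiLookup class path as markers, uses the version range stated in the captions as a triage flag only, and runs on a constructed in-memory sample.

```python
import io
import re
import zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear")
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def needs_review(version):
    """Triage flag, not a verdict: 2.x below 2.15.0, or version unknown."""
    m = re.match(r"(\d+)\.(\d+)", version or "")
    # No readable version: flag it so a human looks at the file.
    return m is None or (int(m.group(1)) == 2 and int(m.group(2)) < 15)

def scan_archive(data, path):
    """Yield a finding per log4j-core copy, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive: nothing to report
    with zf:
        names = set(zf.namelist())
        if POM in names or JNDI in names:
            raw = zf.read(POM) if POM in names else b""
            m = re.search(rb"^version=(\S+)", raw, re.M)
            version = m.group(1).decode() if m else None
            yield {"path": path, "version": version, "jndi_lookup": JNDI in names,
                   "needs_review": needs_review(version)}
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_EXT):
                yield from scan_archive(zf.read(name), f"{path}!/{name}")

def make_zip(entries):
    """Build a constructed in-memory archive from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample: a WAR bundling one old jar and one renamed 2.15.0 jar.
OLD = make_zip({POM: b"version=2.14.1\n", JNDI: b"\xca\xfe\xba\xbe"})
NEW = make_zip({POM: b"version=2.15.0\n", JNDI: b"\xca\xfe\xba\xbe"})
SAMPLE_WAR = make_zip({"WEB-INF/lib/log4j-core-2.14.1.jar": OLD,
                       "WEB-INF/lib/renamed-logging.jar": NEW})

if __name__ == "__main__":
    for finding in scan_archive(SAMPLE_WAR, "app.war"):
        print(finding)
```

Matching on archive contents rather than file names is what catches the renamed jar in the sample; as the captions note, a hit marks a file for investigation and does not by itself mean the system is vulnerable.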
Info
Channel: Tanium
Views: 1,055
Keywords: Log4Shell, Log4j, vulnerability, patch tuesday, cybersecurity, tanium, software patching, cyberattack, security
Id: GSqDaBX7PJw
Length: 4min 26sec (266 seconds)
Published: Wed Dec 15 2021