Description

This product pack is intended to address various aspects of CVE-2021-44228, CVE-2021-45046 or CVE-2021-45105, collectively known as the log4j vulnerability.

Key Features

  • List all the Jar file and its content.
  • Search Jar files.
  • Set environmental variables.

Setup

  • This Product Pack contains both Rules and instructions.
  • Upload this Product pack with the help of Tachyon Product Pack Deployment Tool.
  • A Guaranteed State Policy named Policy Log4j Includes v1 will be created.
  • Four Guaranteed State Rules will be created in this policy.
  • An Instruction Set named Log4j Vulnerability containing all the instructions will be created.

Usage

  1. Review any rule, for example Rule-Includes-Table-Log4j-VulnerableVersions.
  2. Adjust the Trigger IntervalHours to run it on a periodic basis.
  3. The Check is performed to determine if Table.Log4j.VulnerableVersions code is stored and hasn't been modified from the original.
  4. Enable this rule.
  5. Assign the Policy Log4j Includes v1 Policy to a management group.
  6. Deploy the Policy Log4j Includes v1 Policy.
  7. Within a period of a day or two you would start seeing the compliance and remediation reports on Log4j.
  8. We can also manually run instruction from Explorer to perform additional tasks.

Components

Join Our Newsletter

Copyright © 1E 2022 All Rights Reserved

This website is designed for desktop. If using a mobile browser please change to desktop view.