Per this article I can check my systems for log4j using an sql query:
But how can I pulled the proof for this via the sql query?
da.sites AS “Site_Name”,
da.ip_address AS “IP_Address”,
da.mac_address AS “MAC_Address”,
da.host_name AS “DNS_Hostname”,
ds.vendor AS “Vendor”,
ds.name AS “Software_Name”,
ds.family AS “Software_Family”,
ds.version AS “Software_Version”,
ds.software_class AS “Software_Class”
dim_software ds USING(software_id)
dim_asset da ON da.asset_id = das.asset_id
ds.name ilike ‘%log4j%’
I also need to know this. Normally we can just report because it’s Application version xxx that’s affected but we are detecting on JAR files…I need to pull the filepaths manually. I am scanning thousands of systems so I know this will eventually get out of hand.
If Rapid7 can sort this out for us, we can automate reports daily instead of having to track through spreadsheets.