Log4j proof

Per this article I can check my systems for log4j using an sql query:

But how can I pulled the proof for this via the sql query?

da.sites AS “Site_Name”,
da.ip_address AS “IP_Address”,
da.mac_address AS “MAC_Address”,
da.host_name AS “DNS_Hostname”,
ds.vendor AS “Vendor”,
ds.name AS “Software_Name”,
ds.family AS “Software_Family”,
ds.version AS “Software_Version”,
ds.software_class AS “Software_Class”
dim_asset_software das
dim_software ds USING(software_id)
dim_asset da ON da.asset_id = das.asset_id
ds.software_class like’%’
ds.name ilike ‘%log4j%’
ds.name ASC

1 Like

I also need to know this. Normally we can just report because it’s Application version xxx that’s affected but we are detecting on JAR files…I need to pull the filepaths manually. I am scanning thousands of systems so I know this will eventually get out of hand.

If Rapid7 can sort this out for us, we can automate reports daily instead of having to track through spreadsheets.

Also need a SQL query for findings of Lof4Shell Vulnerabilities with the output of the proof.
This would speed up the process!

Troy posted a SQL query here that includes the proof, along with a lot of other info about the host and the vulnerability. Hopefully that provides you with a solid start, at least.

1 Like