Forum Discussion
Tenable Log4Shell Scan Templates Overview Tenable has...
Tenable Log4Shell Scan Templates Overview
Tenable has developed the following Nessus, Tenable.sc and Tenable.io, WAS and Agent Scan Templates to streamline our customers’ Log4j vulnerability management efforts. Each of these scan templates packages the recommended scan configurations and plugins to conduct common or repeated Log4j vulnerability scanning activities.
Log4Shell Remote Checks
This Nessus, Tenable.sc and Tenable.io template provides an external view by assessing your systems from an outside attacker’s perspective. No credentials are required and detection is based on direct remote checks to detect exposure. Review https://community.tenable.com/s/feed/0D53a00008E3hKzCAJ for requirements about plugins 156014 and 155998 that are included in this template.
Log4Shell Vulnerability Ecosystem
Use this Nessus, Tenable.sc and Tenable.io template to begin your assessment with the most comprehensive set of plugins. It includes:
All plugins for CVE-2021-44228, including the generic local and remote detections
- Plugin for CVE-2021-45046
- Plugin for EOL detection for Log4J v1.x
- Plugins for software from third party vendors that have patched CVE-2021-44228 in their products
This template is dynamic, and will be regularly updated with new plugins developed as third party vendors patch their software. A new plugin 156061 - Log4Shell Ecosystem Wrapper was developed to dynamically include plugins related to the Log4j vulnerabilities into this scan template. It is a wrapper plugin that will be used to keep the template dynamically updated. Details of the plugins that are included in this scan template can be found here - https://www.tenable.com/plugins/nessus/156061
Additionally, this dynamic template is released with the “Hide results from plugins initiated as a dependency” setting disabled ensuring all dependent plugins that do not normally report to show up in the template scan results.
Re-scanning at regular intervals is recommended and credentials are required for local plugins. Review https://community.tenable.com/s/feed/0D53a00008E3hKzCAJ for requirements about plugins included in this template.
Log4Shell
This Nessus, Tenable.sc and Tenable.io scan template includes generic plugins for detection of CVE-2021-44228 that are based on whether the Log4J library is being used. Credentials are required for local detection. Review https://community.tenable.com/s/feed/0D53a00008E3hKzCAJ for requirements about plugins included in this template.
WAS Log4Shell
This Tenable WAS scan template includes generic detection of CVE-2021-44228 via direct check and file detection WAS plugins.
Agent Log4Shell
This Nessus Agent scan template includes 4 local plugins for CVE-2021-44228 detection on Nessus Agent systems.
Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.
6 Replies
can someone explain how we do an update to security center Feed so that i am able to use the new Log4j policy please.
My regular server scan removes the data from the LOG4j Ecoscan. Anyone else seeing this?
Pretty sure this is because of the 'thorough scan' option not being on for these plugins in your normal server scan. If that option isn't on, I believe it assumes those findings are no longer valid.
Like Juan I am looking for how to use Tenable.sc to scan for this. I found a video of Tenable.io, but no info on how to actually use these dashboards. How many of are scratching our heads...unable to make efficient use items to help us.
How often are scan templates added? How often are the updates?
