Hi Tenable Community - sanity-check on the Nessus updates to scan for this. For some servers I do not have auth (don't ask) - will the Log4Shell scan work to completion or provide partial results?

I have had good luck with WAS detection but I have yet to get the Nessus plugins to work. There are not firewall, NAT or interface issues to be concerned with. Hundreds of systems and zero detections. Plugins are current. Tried canned template and custom template with plugins enabled. No luck.

Any chance we could hear a little more about how this works? Does the plugin bind a listening service to the scan server for call back?

Any help would be appreciated.

Thank you,

John

I've not had much luck with plugin 155998 or 156014 but others in my company have reported some success with these plugins. So it could be that our existing rules block this type of check.

When it comes to the other plugins, I've performed my normal scans using existing policies that are automatically updated and found nothing. When using the 4 main plugins or the provided scan template, as long as the Assessment Accuracy is set to "Perform thorough tests" I was able to successfully identify log4j files on a system. The process still requires some evaluation to prioritize but at least I was able to identify systems with the library files.

Our teams are also using other tools to help identify the vulnerabilities as well as scripts from GitHub.

I've been also having these issues, and confirmed that the Tenable plugins don't work as expected, scanned our complete DMZ (24k IPs) for hours without a single hit... I found this on Twitter from a trusted security researcher also having the same problem, using the provided template or a custom one built adding the plugins. We have defined to not use Tenable for this, and moving to the GitHub scripts. Given the time constraint, I'd recommend to not waste time trying to work this out, unless you're doing other discovery activities in parallel.