Forum Discussion
Additional Plugins Released for Log4Shell - Apache Log4j...
I've not had much luck with plugin 155998 or 156014 but others in my company have reported some success with these plugins. So it could be that our existing rules block this type of check.
When it comes to the other plugins, I've performed my normal scans using existing policies that are automatically updated and found nothing. When using the 4 main plugins or the provided scan template, as long as the Assessment Accuracy is set to "Perform thorough tests" I was able to successfully identify log4j files on a system. The process still requires some evaluation to prioritize but at least I was able to identify systems with the library files.
Our teams are also using other tools to help identify the vulnerabilities as well as scripts from GitHub.
Hi @John Spurlock,
I'm sorry to hear you're experiencing issues with the two remote direct check plugins. My colleagues have put together a document explaining how the callbacks work for those two plugins in particular. I hope that this document helps answer your questions. We also have another post that is an overview for each of the plugins.
If you're still experiencing issues with the plugins, I would recommend opening up a support case.
