Follow these instructions to create a network scan profile for detecting the Log4Shell vulnerability.
- Log in to Security Center.
- Click Scan network in the main menu.
- Click Scan profiles.
- Click +Add scan profile > Vulnerability profile.
- Under the headline General information, enter the following:
- Name: the name of the profile, e.g. Standard scan profile.
- Owner: the owner of the profile.
- Details: any comments or a brief description of the profile that you want to add.
- Under the Scan settings tab:
- Unauthenticated scanning:
- Check the Discovery scan box.
- Scroll all the way down to Vulnerability Detection and choose Custom.
- In the Vulnerability section, insert each of the HIDs for the unauthenticated Log4Shell test separately.
- Authenticated scanning:
- Check the Discovery scan box.
- Scroll all the way down to Vulnerability Detection and choose Custom.
- In the Vulnerability section, insert each of the HIDs for the Log4Shell vulnerability separately.
- At the moment, we have multiple tests to detect the Log4Shell vulnerability:
- HID-2-1-341383
- HID-2-1-341381
- HID-2-1-341382
- HID-2-1-371872
- HID-2-1-371879
- HID-2-1-371866
- HID-2-1-026309
- HID-2-1-939587
- HID-2-1-341380
- HID-2-1-341389
- HID-2-1-341395
- HID-2-1-5348677
- HID-2-1-5348688
- HID-2-1-5348682
- HID-2-1-5348681
- HID-2-1-5348680
- HID-2-1-5348683
- HID-2-1-5348686
- HID-2-1-5348685
- HID-2-1-5348689
- The Profile should look similar to this image:
- Under the headline Authentication:
Here you can enter a new authentication record or choose an existing one for Windows and Linux/Unix. Notice that you can only have one authentication record per profile and operating system.
- Linux/Unix authentication record
- Authentication information: the name you type in here is the name the record is saved under.
- Name: select a name.
- Port: type in a port if you want to authenticate on a specific port; otherwise the standard SSH port 22 is used.
- Choose whether to authenticate with username and password or with a private key, type in your credentials, and you are done.
- Windows authentication record
- Authentication information: the name you type in here is the name the record is saved under.
- Name: select a name.
- Type in the credentials you would like to use for your authenticated scan.
- Check "Use NTLM" if you use the NTLM protocol to authenticate to your domains.
Read this for more information regarding authenticated network scans:
https://support.holmsecurity.com/hc/en-us/articles/360019811432-How-does-authenticated-networks-scans-work-
- Click OK to save the scan profile.
- Click SCANS in the Scan network menu.
- Click +Add Scan > Vulnerability scan.
- Under the headline General information, enter the following:
- Name: the name of the scan, e.g. Log4Shell.
- Scan profile: choose the scan profile you just created, which holds the right login credentials for the hosts you want to scan.
- Scanner Appliance: choose either:
- External (Holm Scanner Appliance).
- Scanner Appliance (your locally installed Scanner Appliance).
- Under the headline Target, enter the IP or IP range that you want to scan.
- Click Run to start the scan.
- Done!
Note! To check whether your systems are affected by the Log4Shell vulnerability, you need to run an authenticated network scan using Holm Security VMP.
Only HID-2-1-341380 can be used unauthenticated, and it works only with the External Scanner Appliance.
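The note above says only an authenticated scan can establish whether a host is actually affected. As an added illustration of what such a credentialed check has to do on the host, here is example code that is not part of the original article and is not Holm Security's own detection logic: it walks a directory for jar/war/ear archives, finds log4j-core inside them (including jars bundled in a .war), reads the version from the manifest or the file name, and reports each as fixed, mitigated (JndiLookup.class removed) or vulnerable. The version thresholds follow the Apache Log4j security advisories; the function names, the assumption that log4j-core manifests carry Implementation-Version, and the sample archives produced by build_sample_jar are all constructed for this example.

```python
import io
import re
import zipfile
from dataclasses import dataclass
from pathlib import Path
from typing import Iterator, List, Optional, Tuple

# Lookup class behind CVE-2021-44228 / CVE-2021-45046; deleting it was the documented interim mitigation.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_PREFIX = "org/apache/logging/log4j/core/"
# Earliest release per 2.x branch addressing CVE-2021-44228, -45046, -45105
# and -44832: 2.3.2 (Java 6 branch), 2.12.4 (Java 7 branch), otherwise 2.17.1.
FIXED_BY_BRANCH = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}
FIXED_DEFAULT = (2, 17, 1)
Version = Tuple[int, int, int]

@dataclass
class Finding:
    path: str                   # "outer.war!WEB-INF/lib/inner.jar" when nested
    version: Optional[Version]
    jndi_lookup_present: bool
    vulnerable: bool            # True: JndiLookup present in an unfixed release
    reason: str

def parse_version(text: str) -> Optional[Version]:
    """major.minor[.patch] from a manifest value or Maven-style file name,
    e.g. 'log4j-core-2.14.1.jar' -> (2, 14, 1), '2.0-beta9' -> (2, 0, 0)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def is_fixed(version: Version) -> bool:
    return version >= FIXED_BY_BRANCH.get(version[:2], FIXED_DEFAULT)

def version_of(jar: zipfile.ZipFile, name: str) -> Optional[Version]:
    """Prefer the manifest's Implementation-Version (assumed to be set in
    log4j-core builds); fall back to the version in the file name."""
    try:
        manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        manifest = ""
    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.MULTILINE)
    return parse_version(m[1]) if m else parse_version(Path(name).name)

def classify(path: str, version: Optional[Version], jndi: bool) -> Finding:
    if version is None:
        vuln, reason = jndi, "unknown version, JndiLookup.class " + ("present" if jndi else "removed")
    elif is_fixed(version):
        vuln, reason = False, "fixed release"
    elif not jndi:
        vuln, reason = False, "unfixed release, JndiLookup.class removed (RCE mitigated, still upgrade)"
    else:
        vuln, reason = True, "unfixed release, JndiLookup.class present"
    return Finding(path, version, jndi, vuln, reason)

def assess_archive(name: str, data: bytes, depth: int = 0) -> Iterator[Finding]:
    """Assess one jar/war/ear held in memory, recursing into archives bundled
    inside it (e.g. WEB-INF/lib/log4j-core-*.jar in a .war) two levels deep."""
    try:
        jar = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with jar:
        names = set(jar.namelist())
        if any(n.startswith(CORE_PREFIX) for n in names):
            yield classify(name, version_of(jar, name), JNDI_LOOKUP_CLASS in names)
        for n in sorted(names):
            if depth < 2 and n.lower().endswith((".jar", ".war", ".ear")):
                yield from assess_archive(f"{name}!{n}", jar.read(n), depth + 1)

def scan_tree(root: str) -> List[Finding]:
    """Walk a directory tree the way a credentialed host check would."""
    findings: List[Finding] = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in (".jar", ".war", ".ear"):
            findings.extend(assess_archive(str(p), p.read_bytes()))
    return findings

def build_sample_jar(artifact: str, version: str, include_jndi: bool,
                     manifest_version: bool = True, nested: Optional[dict] = None) -> bytes:
    """Constructed stand-in (fake class bytes) so the checker runs offline:
    'log4j-core' mimics the 2.x layout, 'log4j' the 1.x layout, anything
    else is a plain container such as a .war holding the `nested` entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        mf = "Manifest-Version: 1.0\r\n"
        if manifest_version:
            mf += f"Implementation-Version: {version}\r\n"
        z.writestr("META-INF/MANIFEST.MF", mf)
        if artifact == "log4j-core":
            z.writestr(CORE_PREFIX + "Core.class", b"\xca\xfe\xba\xbe")
            if include_jndi:
                z.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")
        elif artifact == "log4j":
            z.writestr("org/apache/log4j/Logger.class", b"\xca\xfe\xba\xbe")
        for entry, payload in (nested or {}).items():
            z.writestr(entry, payload)
    return buf.getvalue()

if __name__ == "__main__":
    import sys
    for f in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "/opt"):
        print("VULNERABLE" if f.vulnerable else "ok", f.path, f.version, "-", f.reason)
```

Run it on the target with the directory to inspect as the argument (for example over the same SSH access the Linux/Unix authentication record uses) and compare its VULNERABLE lines with the scan report. A 1.x log4j jar is skipped on purpose, since it does not contain the log4j-core lookup code; an unfixed 2.x release whose JndiLookup.class has been deleted is reported as mitigated rather than vulnerable, which is how the interim workaround shows up on disk.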