Cloud Pak for Security

Checking for Log4j breach indicators in CP4S

  • 1.  Checking for Log4j breach indicators in CP4S

    Posted Thu December 16, 2021 03:36 PM

    We have a client that is asking if there is a way to check the system logs of OCP4 or CP4S itself to see if there are any signs of a breach related to Log4j (CVE-2021-44228).

    Does anyone have these instructions for CP4S?

    US CERT published a tool here.

    Has anyone tried the following?

    Huntress Log4Shell Tool:

    https://log4shell.huntress.com/



    ------------------------------
    Suzanne Russell CISSP, CRISC, GCIH, ITIL
    Security Architect | IBM Alliance | Group Strategic Initiatives & Partnerships
    Capgemini North America | Austin Texas
    Mob.: + 1-512-913-9292
    ------------------------------


  • 2.  RE: Checking for Log4j breach indicators in CP4S

    Posted Thu May 05, 2022 04:59 PM
    I realize I am way too late here, but we have a way to check for log4shell exploits in our Kestrel Threat Hunting Language: 
    https://github.com/opencybersecurityalliance/kestrel-huntbook/blob/main/huntbooks/log4shell%20Detection.ipynb
    https://github.com/opencybersecurityalliance/kestrel-analytics/tree/release/analytics/log4shell

    Maybe we can add this "analytic" to CP4S Data Explorer in a future release (if anyone is still concerned 5 months after the disclosure).

    ------------------------------
    Paul Coccoli
    ------------------------------