
Overview of discovery, monitoring and mitigation capabilities

Refer to the blogs Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability and Microsoft Security Response Center for guidance and technical information about the vulnerability and product-specific mitigation recommendations to protect your organization.

Defender Vulnerability Management provides you with the following capabilities to help you identify, monitor, and mitigate your organizational exposure to the Log4Shell vulnerability:

Discovery: Detection of exposed devices, both Microsoft Defender for Endpoint onboarded devices and devices that have been discovered but are not yet onboarded, is based on vulnerable software and vulnerable files detected on disk.

Threat awareness: A consolidated view to assess your organizational exposure. This view shows your exposure at the device level and software level, and provides access to details on vulnerable files, such as the last time a file was seen, the last time it was executed, and the last time it was executed with open ports. You can use this information to prioritize your remediation actions.

It can take up to 24 hours for data related to exposed devices to appear on the dashboard.

Mitigation options: Apply mitigation options to help lower your exposure risk.

Advanced hunting: Use advanced hunting to return details for vulnerable log4j files identified on disk.

These capabilities are supported on Windows 10 and Windows 11, Windows Server, Linux and macOS.

Support on Linux requires Microsoft Defender for Endpoint Linux client version 101.52.57 (30.121092.15257.0) or later.

Support on macOS requires Microsoft Defender for Endpoint macOS client version 20.121111.15416.0 or later.

For more information on supported versions, see Supported operating systems platforms and capabilities.

Exposed devices discovery

Embedded Defender Vulnerability Management capabilities, along with enabling Log4j detection in the Microsoft 365 Defender portal, will help you discover devices exposed to the Log4Shell vulnerability.

Onboarded devices are assessed using the existing embedded Defender Vulnerability Management capabilities that can discover vulnerable software and files.

For detection on discovered but not yet onboarded devices, Log4j detection must be enabled. Go to Settings > Device discovery > Discovery setup. This will initiate probes in the same way device discovery actively probes your network. This includes probing from multiple onboarded endpoints (Windows 10+ and Windows Server 2019+ devices) and only probing within subnets, to detect devices that are vulnerable and remotely exposed to CVE-2021-44228. Running these probes will trigger the standard Log4j flow without causing any harmful impact on either the device being probed or the probing device.
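The Discovery capability above rests on two signals that any disk-based Log4Shell scanner needs: which log4j-core version an archive carries, and whether the JndiLookup class that the CVE-2021-44228 exploit path depends on is still inside it (removing that class is one of the documented mitigations). The following Python is an added illustration of that file-level check and is not Defender Vulnerability Management's own detection logic, which the page does not document. The archives it inspects are constructed in memory as stand-ins for real log4j-core JARs and a WAR that bundles one; the affected-version range (2.0-beta9 through 2.14.1, with the 2.12.2 and 2.3.1 backport lines excluded) is the published range for CVE-2021-44228.

```python
"""Classify JAR/WAR files for exposure to CVE-2021-44228 (Log4Shell).

Added example, not product code. Two signals are combined: the log4j-core
version recorded in the archive metadata, and whether JndiLookup.class is
still present. Nested archives (a .jar inside a .war) are inspected one deep.
"""
import io
import re
import zipfile
from dataclasses import dataclass
from typing import Optional

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_PREFIX = "org/apache/logging/log4j/core/"
POM_PREFIX = "META-INF/maven/org.apache.logging.log4j/log4j-core/"
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(beta|rc)(\d+))?$")
STAGE_RANK = {"beta": 0, "rc": 1, None: 2}  # 2.0-beta9 < 2.0-rc1 < 2.0


def version_key(version: str) -> tuple:
    """Turn '2.14.1' or '2.0-beta9' into a sortable tuple."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised log4j version string: {version!r}")
    major, minor, patch, stage, stage_num = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE_RANK[stage], int(stage_num or 0))


def affected_by_cve_2021_44228(version: str) -> bool:
    """2.0-beta9 <= v < 2.15.0, excluding the Java 7 (2.12.2+) and Java 6 (2.3.1+) backports."""
    v = version_key(version)
    if not (version_key("2.0-beta9") <= v < version_key("2.15.0")):
        return False
    if v[:2] == (2, 12) and v >= version_key("2.12.2"):
        return False
    if v[:2] == (2, 3) and v >= version_key("2.3.1"):
        return False
    return True


@dataclass
class Finding:
    path: str  # archive path; "!" separates a nested member from its container
    version: Optional[str]
    jndi_lookup_present: bool

    @property
    def status(self) -> str:
        if self.version is None:
            return "unknown-version"
        if not affected_by_cve_2021_44228(self.version):
            return "not-affected"
        if not self.jndi_lookup_present:
            return "mitigated-class-removed"
        return "vulnerable"


def _read_version(zf: zipfile.ZipFile) -> Optional[str]:
    """Prefer the Maven pom.properties log4j-core ships, then the manifest."""
    for name in zf.namelist():
        if name.startswith(POM_PREFIX) and name.endswith("pom.properties"):
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
    try:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in manifest.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return None


def scan_archive(data: bytes, path: str, depth: int = 0) -> list:
    """Return Findings for every log4j-core seen in the archive or one level of nested JARs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if any(n.startswith(CORE_PREFIX) for n in names):
            findings.append(Finding(path, _read_version(zf), JNDI_LOOKUP in names))
        if depth < 1:
            for n in sorted(names):
                if n.lower().endswith(".jar"):
                    findings.extend(scan_archive(zf.read(n), f"{path}!{n}", depth + 1))
    return findings


def build_log4j_core(version: str, include_jndi_lookup: bool = True) -> bytes:
    """Constructed stand-in for a log4j-core JAR: only the entries the scanner reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        zf.writestr(POM_PREFIX + "pom.properties", f"version={version}\n")
        zf.writestr(CORE_PREFIX + "Logger.class", b"\xca\xfe\xba\xbe")  # placeholder bytes
        if include_jndi_lookup:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def build_war(*jars) -> bytes:
    """Constructed WAR bundling the given (name, bytes) JARs under WEB-INF/lib."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in jars:
            zf.writestr(f"WEB-INF/lib/{name}", data)
    return buf.getvalue()


def demo() -> dict:
    """Scan the constructed samples and map each archive path to its status."""
    samples = {
        "log4j-core-2.14.1.jar": build_log4j_core("2.14.1"),
        "log4j-core-2.14.1-stripped.jar": build_log4j_core("2.14.1", include_jndi_lookup=False),
        "log4j-core-2.12.2.jar": build_log4j_core("2.12.2"),
        "log4j-core-2.17.1.jar": build_log4j_core("2.17.1"),
        "app.war": build_war(("log4j-core-2.13.3.jar", build_log4j_core("2.13.3"))),
    }
    return {f.path: f.status for name, data in samples.items() for f in scan_archive(data, name)}


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:26} {path}")
```

The version check alone is not enough: a 2.14.1 archive whose JndiLookup.class has been deleted is reported as mitigated rather than vulnerable, and a clean version string with the class still present is still flagged. Real scanners also have to cope with shaded or renamed packages and deeper nesting than the single level handled here.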