The single word that encompasses why we believe in the strength of the security field and specifically our project here at Uptycs. The open-source osquery agent has a diverse, brilliant group of contributors whose work has driven its dramatic rise as a go-to unified agent for security teams.
Over the past week, the security community was put to the test and brilliantly rose to the challenge yet again as teams rallied to uncover and remediate the Log4Shell/LogJam vulnerability. CVE-2021-44228 identifies a vulnerability in Apache Log4j versions <=2.14.1, a Java logging library: when exploited successfully, it lets unauthenticated attackers execute code remotely.
In a field where it feels as if the lurking adversary has unlimited resources at hand, we trust our tools and the people who built them, and we find comfort in the camaraderie that connects individuals on security teams around the world.
Our team at Uptycs has worked around the clock to support customers with fixes tailored to their environments. In doing so, we analyzed the best ways to bring the extensive data collected by the osquery agent into your remediation efforts.
For the osquery community, Uptycs has compiled the following list of tables and actions to help speed up your investigation and remediation cycle for combating the Log4j vulnerability.
Additionally, enterprises working with Uptycs have access to a number of enhancements that help with Log4j remediation and mitigation, including additional telemetry, an eventing framework for real-time detection, and a Flight Recorder that enables historical queries even for systems that are no longer online.
These extensions to osquery enable faster response times to emerging vulnerabilities like Log4j. For example, we used our java_packages table to scan inside uber JARs and shaded JARs so that security teams can inventory the vulnerable Log4j library in containerized environments.
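To illustrate the kind of nested-JAR inventory described above, here is an added example scanner (not Uptycs or osquery code). It recurses into JARs embedded in an uber JAR, reads log4j-core's Maven pom.properties to recover the version, and also looks for a `JndiLookup.class` entry by path suffix so that a shaded (relocated) copy with no pom.properties is still reported; the threshold <=2.14.1 is the range the post names. The sample input is constructed in memory and is not a real artifact.

```python
"""Inventory Log4j copies inside (possibly nested) JAR files. Added example, not project code."""
import io
import re
import zipfile

# Maven metadata that log4j-core ships with; absent when the library has been shaded/relocated.
POM_RE = re.compile(r"META-INF/maven/org\.apache\.logging\.log4j/log4j-core/pom\.properties$")
# Match by suffix so a relocated package (e.g. com/x/shaded/org/apache/...) is still found.
JNDI_SUFFIX = "log4j/core/lookup/JndiLookup.class"

def _version_key(version):
    # "2.14.1" -> (2, 14, 1); a pre-release suffix such as "-beta9" is ignored
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    return tuple(int(x) if x else 0 for x in m.groups()) if m else (0, 0, 0)

def is_vulnerable_version(version):
    """True when the recovered version falls in the post's <=2.14.1 range."""
    return version is not None and _version_key(version) <= (2, 14, 1)

def scan_jar_bytes(data, path):
    """Return [(jar_path, version_or_None, jndi_lookup_present)] for this JAR and all JARs nested in it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        version = None
        for name in names:
            if POM_RE.search(name):
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                version = m.group(1).strip() if m else "unknown"
        has_jndi = any(n.endswith(JNDI_SUFFIX) for n in names)
        if version is not None or has_jndi:
            findings.append((path, version, has_jndi))
        for name in names:  # descend into embedded archives (uber/fat JARs, WARs, EARs)
            if name.lower().endswith((".jar", ".war", ".ear")):
                findings.extend(scan_jar_bytes(zf.read(name), f"{path}!{name}"))
    return findings

def build_sample_uber_jar():
    """Constructed input: an app JAR embedding a fake log4j-core 2.14.1 JAR (placeholder class bytes)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties",
                   "version=2.14.1\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n")
        z.writestr("org/apache/logging/log4j/core/lookup/JndiLookup.class", b"\xca\xfe\xba\xbe")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("BOOT-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())
        z.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
    return outer.getvalue()

if __name__ == "__main__":
    for jar, ver, jndi in scan_jar_bytes(build_sample_uber_jar(), "app.jar"):
        print(jar, ver, "JndiLookup present" if jndi else "", "VULNERABLE" if is_vulnerable_version(ver) else "")
```

Point `scan_jar_bytes` at the bytes of a real JAR pulled from a container image to get the same per-archive findings; `is_vulnerable_version` only covers the post's 2.x range, so a `None` version with `JndiLookup.class` present still deserves a manual look.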
If you have any additional tables and actions that you have found particularly useful, please reach out to jcolvin@uptycs.com and we will incorporate them ASAP into this article for the broader community to reference.