How to find Log4j vulnerable severs in ServiceNow Using CMDB Query Builder
What is Log4j ? :
Log4j is a fast, reliable and flexible logging framework which is written in java. It is an open-source logging API for java.
Simply the logging means some way to indicate the state of the system at runtime. Logs are used to capture and persists the important data and make it available for analysis at any point in time.
Why its Viral now ? :
The security risk with Log4j has been termed as CVE-2021-44228 or Log4Shell or LogJam. It has been ranked among the most severe security risks on the internet as of now, as it affects all versions of Log4j. This includes Log4j version 2.0-beta-9 to version 2.14.1. This simply leaves a vast number of services exposed to the vulnerability, since there are a whole lot of systems using Log4j.
So, Lets explore how we can find the list of vulnerable servers from ServiceNow CMDB Step -by- Step...
Step 1 : Open the unfamiliar cmdb_ci_spkg table >> Software package table. This table contain the list of software instances that are discovered from your infrastructure via discovery.
Step 2 : On the other hand open the CMDB query builder module (one of my favorite)
Step 3 : From the query builder windows click on > Create New
Step 4 : Give a crazy name, select the type as CMDB query >>
Step 5 : From the cmdb class search for 'windows server' > or any other items that you want to find eg. linux server > centOS.
Click and drag the item in to the canvas as we do in workflow.
Step 6 : On the non CMDB table search for 'software instance', click and drag the item right next to the Windows server item.
Step 7 : Time the connect the dots, click on the 'Windows server 1' and connect it to the 'Software instance 1' same as we do in standard workflow.
Step 8: Click on the 'Software instance 1' item and click on the filter icon and set the below filter to find log4j vulnerable items.
Step 9 : The returned list of Software are the once which are vulnerable to log4j Vulnerability....
I hope it helps, Kindly Mark 👍 Helpful if applicable., So that others get benefited in future for similar needs...
Thanks,
MF Sohail Khilji.
LinkedIn > https://www.linkedin.com/in/mf-sohail-khilji/
<<<<<< More Articles >>>>
- ServiceNow Integration with Splunk
- LDAP Integration with ServiceNow
- ServiceNow Integration with Veeam
- Handling ServiceNow flow errors with a flow
- Show parent child incident relationships - display in field message
- ServiceNow SSO Logout Error (redirects to logout page) – Reason, Fixes and Cause.
- Multi Row Variable set ServiceNow MRVS - Creating - Scripting - Example - Limits
- ServiceNow Integration with MAC vendor - Get Mac vendor for the given MAC Address.
