Try in Splunk SOAR


Investigate an internal unix host using SSH. This pushes a bash script to the endpoint and runs it, collecting information specific to the December 2021 log4j vulnerability disclosure. This includes the java version installed on the host, any running java processes, and the results of a scan for the affected JndiLookup.class file or log4j .jar files.

  • Type: Investigation
  • Product: Splunk SOAR
  • Apps: SSH
  • Last Updated: 2021-12-14
  • Author: Philip Royer, Splunk
  • ID: 49b2b88c-8e22-48a6-8808-ace1efcb194b
  • Use-cases:

Associated Detections

How To Implement

The ssh asset requires sudo access to scan the whole file system.

Explore Playbook


Required field


source | version: 1