Playbook: Internal Host SSH Log4j Respond

Description

Published in response to CVE-2021-44228, this playbook accepts a list of hosts and filenames to remediate on the endpoint. If filenames are provided, the endpoints will be searched and then the user can approve deletion. Then the user is prompted to quarantine the endpoint.

Type: Response Date: 2021-12-14 Author: Kelby Shelton, Splunk ID: 6ea2007c-8ef8-4647-a4a4-7825cfee3866

Apps

SSH

How To Implement

The ssh asset may require ssh access to delete some files depending on their permissions.

Explore Playbook

Click the playbook screenshot to explore in more detail!

Reference

https://github.com/Neo23x0/Fenrir/blob/master/fenrir.sh

source | version: 1