Playbook: Internal Host WinRM log4j Respond
Description
Published in response to CVE-2021-44228, this playbook accepts a list of hosts and a list of filenames to remediate on those endpoints. If filenames are provided, the endpoints are searched for them and the user can then approve deletion. Finally, the user is prompted to quarantine the endpoint.
Apps
How To Implement
The winrm asset requires Administrator access to gather certain files.
Reference
source | version: 1