Wednesday, June 17, 2026

What Is Log4j and Why Security Alerts Matter to DevSecOps Teams


Apache has released a new update for Log4j, version 2.16.0. While the previous release (2.15.0) removed the ability to resolve lookups, and addressed issues to mitigate CVE-2021-44228, this release disables JNDI by default and removes support for message lookups.

Please see the Cisco Talos site for updated and evolving coverage on Log4j.

Automating Cisco PSIRT critical alerts via Cisco SecureX and Webex Teams

In this blog post we will cover a SecureX automation that can help security operations (DevSecOps) teams to be alerted when a new Critical Impact Security Advisory is published (or updated) by Cisco PSIRT. A good example is the recent Log4j library vulnerability, which affected software all over the world (including many Cisco products). Let's break it down first…

What is Cisco PSIRT?

The Cisco Product Security Incident Response Team (PSIRT) is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. PSIRT has over 20 years of experience helping to alert customers about vulnerabilities in Cisco products.

What is Log4j and why are PSIRT alerts more important than ever for Cisco customers?

Apache Log4j is a Java-based logging utility and is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks. Logging is extremely important for developer teams, since it can record the activity of an application, which can be used for many purposes, including debugging, performance improvement and auditing/compliance. Logging frameworks make it easier for developers to standardize this process. The good thing is that using a logging service negates the need to explicitly output to a console, and also that the storage of the logs becomes independent of the code and can therefore be customized at runtime.

On Thursday, December 9, the Apache Software Foundation disclosed a security vulnerability in a widely used Java software library called Log4j. This vulnerability is called a zero-day exploit because it was shared with everyone at the same time — the public, vendors, customers — on Twitter along with software code (called exploit code) to take advantage of this bug and infiltrate an affected product.

Log4j is open-source software, which means that it can be used freely around the world by software developers, including at Cisco. PSIRT is the only entity authorized within Cisco to disclose vulnerability information to customers. It is therefore especially important to keep track of their critical alerts.

How can we automate the PSIRT critical alerts?

Alexandre Argeris has built an outstanding new SecureX orchestration (SXO) workflow. I've helped him by documenting this on GitHub. The workflow (i.e. playbook) fetches Critical Impact Security Advisories from the past week from the Cisco PSIRT API, scheduled every hour. If there are any new advisories, or if an existing advisory is updated, an SXO table is updated, a SecureX Casebook is created and optionally a Webex notification is sent.

Automating this enables SecOps teams to quickly see when there is either a new PSIRT alert, or when one is updated. Updates can sometimes contain important information that needs to be reviewed. It is important to stay up to date with these advisory updates (especially with widespread zero-day exploits like Log4j), to minimize the chance of a cyber-attack on your organization.
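The new-versus-updated decision described above can be sketched in a few lines of Python. This is an added example, not the SXO workflow itself or code from its GitHub repository: the function names are hypothetical, the record fields (`advisoryId`, `advisoryTitle`, `sir`, `lastUpdated`) are assumed to follow the shape of PSIRT API advisory records, and the sample data is constructed so no API call is made.

```python
from datetime import datetime, timedelta, timezone

def parse_ts(value):
    """Parse an ISO 8601 timestamp; naive values are treated as UTC."""
    ts = datetime.fromisoformat(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def diff_advisories(fetched, seen, now, window_days=7):
    """Classify one poll's advisories as "new" or "updated".

    seen maps advisoryId -> lastUpdated as stored by earlier polls (the
    role the SXO table plays). Field names are assumptions, see lead-in.
    Returns (events, new_seen); events is a list of (kind, advisory).
    """
    cutoff = now - timedelta(days=window_days)
    events, new_seen = [], dict(seen)
    for adv in fetched:
        updated = parse_ts(adv["lastUpdated"])
        # Only Critical advisories touched inside the look-back window count.
        if adv.get("sir") != "Critical" or updated < cutoff:
            continue
        previous = seen.get(adv["advisoryId"])
        if previous is None:
            events.append(("new", adv))
        elif updated > parse_ts(previous):
            events.append(("updated", adv))
        else:
            continue  # this revision was already alerted on
        new_seen[adv["advisoryId"]] = adv["lastUpdated"]
    return events, new_seen

def format_alert(kind, adv):
    """Build the notification text for one event."""
    return (f"[{kind.upper()}] {adv['advisoryId']}: {adv['advisoryTitle']} "
            f"(last updated {adv['lastUpdated']})")

def _adv(n, sir, ts):
    """Constructed sample record; IDs and titles are placeholders."""
    return {"advisoryId": f"cisco-sa-example-000{n}", "sir": sir,
            "advisoryTitle": f"Example advisory {n}", "lastUpdated": ts}

NOW = datetime(2021, 12, 15, 12, 0, tzinfo=timezone.utc)
SEEN = {"cisco-sa-example-0001": "2021-12-10T18:00:00"}
FETCHED = [_adv(1, "Critical", "2021-12-14T09:30:00"),  # revised since last poll
           _adv(2, "Critical", "2021-12-13T08:00:00"),  # never seen before
           _adv(3, "High", "2021-12-14T10:00:00"),      # wrong severity
           _adv(4, "Critical", "2021-11-01T00:00:00")]  # outside the window

if __name__ == "__main__":
    for kind, adv in diff_advisories(FETCHED, SEEN, NOW)[0]:
        print(format_alert(kind, adv))
```

Persisting `new_seen` between hourly runs is what keeps a second poll of the same data from raising duplicate alerts.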

If you want to see a demo of this cool automation, check this video from Alexandre Argeris! Below is a screenshot of the Casebook being created in SecureX:

Log4j PSIRT

This is the v0 version of our workflow, with many cool features to come! We hope it will inspire others to build similar cool integrations using the Cisco PSIRT API and SecureX orchestration. Please find detailed instructions to install this workflow here. Enjoy and stay safe!

Need more information?

Now since the Log4j vulnerability is top of mind for many DevSecOps teams, we want to make sure you have access to the latest information. Please find that below:
