Hello Team, BigFix Inventory signatures seem to miss out on log4j*.jar files and not report them via these signatures:
https://bigfix.me/signature/details/124434
https://bigfix.me/signature/details/124722
https://bigfix.me/signature/details/124819
Is there any new signature files being developed to find “log4j*.jar”? Asking this because Logpresso can find them: e.g. This was discovered by Logpresso, but BFI did not report it (I am hiding the path due to confidentiality and replacing it with ):
[] Found CVE-2021-44228 vulnerability in C:********\lib\log4j-core-2.9.1.jar, log4j 2.9.1
BigFix Inventory signatures support discovery inline with existing scan configuration and discovery standards. This is simplified solution reporting existence of log4j specific file names residing in directories as configured for the standard scan.
It looks to me like that file should have matched the first signature, I’m not sure why it wouldn’t…it’s the usual filename convention and not part of an archive.
Signature I created only looks for log4j* and that brings in much more log files and matches closely to the files reported by logpresso (except reading inside the jar / zip files).