Apache Log4j Vulnerability Guidance

 In News

OneStream Networks information regarding log4j vulnerability.  OneStream Networks does not have any public postings in regards to this issue as we do not utilize log4j.  As part of our due diligence, OneStream Networks is following the same protocol with all of our vendors and the guidelines as set forth by the Cybersecurity and Infrastructure Security Agency.

Immediate Actions to Protect Against Log4j Exploitation

• Discover all internet-facing assets that allow data inputs and use Log4j Java library anywhere in the stack.

• Discover all assets that use the Log4j library.

• Update or isolate affected assets. Assume compromise, identify common post-exploit sources and activity, and hunt for signs of malicious activity.

• Monitor for odd traffic patterns (e.g., JNDI LDAP/RMI outbound traffic, DMZ systems initiating outbound connections)

Review Apache’s Log4j Security Vulnerabilities page for additional information and, if appropriate, apply the provided workaround.