The Zurich release has arrived! Interested in new features and functionalities? Click here for more

Log4Shell - How Can ServiceNow help?

Alex Cox
ServiceNow Employee
ServiceNow Employee

on ‎12-15-2021 03:30 PM

Hi everyone,

In the face of the current vulnerability crisis with log4shell, many people have been asking me how ServiceNow can help, and asking here in these forums how ServiceNow is doing with it. 

Several teams worked together to assemble a two page response on the question of how we can help our customers manage the challenge, and I've attached it here in case it can help you.

Here are some image previews - please see the article's attachment for the full doc.

find_real_file.pngfind_real_file.png

Update: since the initial post of this message, we have also created the attached "Log4J detection and remediation with ServiceNow" PDF to walk through solutions in more detail. Kudos to Steve Emerson and Sree Subramaniam from ServiceNow's ITOM Product Management team for their work on this doc!

Here is a sample: 

find_real_file.png\

In addition, here is a demo video from ServiceNow's M Naser, showing how Vulnerability Response can help drive remediation efforts:

Next, regarding ServiceNow's status with Log4J / Log4Shell, please see these KB articles which speak to the threat and our readiness in general:

ServiceNow KB: KB1000959

ServiceNow Security Advisory KB: KB0870307

Edit: please note that these links require logging in! They will show as "No Longer Available" until you log in.

Preview file
344 KB
Preview file
3955 KB
Preview file
44 KB
Preview file
351 KB
Preview file
69 KB
Preview file
65 KB
Preview file
337 KB
Preview file
344 KB
  • 3,764 Views
Comments
mortenkschoeler
Mega Guru
‎12-15-2021 10:22 PM

Thank you Alex

Nice work 🙂 Much appreciated

However, I tried to follow the links to the two KB articles, and unfortunately I get the "The article is not longer available" message for both. I know from previous experience that I may get it, when logging in to the support site. After logging in, I get the KB articles shown.

Perhaps a change in the standard message could get even more people to read the articles?

Kind regards

Morten Kær Schøler

 

Alex Cox
ServiceNow Employee
ServiceNow Employee
‎12-16-2021 09:33 AM

Thank you for the heads up!

I did see the same behavior you mentioned, with it working after logging in.  I updated the article above to include a note on that and will share this feedback with the support team.

Alex Cox
ServiceNow Employee
ServiceNow Employee
‎02-16-2022 02:34 PM

Hello everyone! 

FYI: this article has been updated to include a new document that walks through solutions in greater detail.

Best regards,

Alex

Version history
Last update:
‎12-15-2021 03:30 PM
Updated by:
ServiceNow Employee