Hello! I was wondering, do you plan on detecting things such as the latest log4j CVE, for example? It could be done by querying Java software/library versions, but it might be out of your scope...
12/13/2021, 6:45 PM
To be honest, I'm not sure. Depends a lot on what people need.
My impression is that the most critical targets are servers. And generally speaking, we're focused on endpoints.
So how meaningful is it to query the installed Java version?
Yes, I agree this one does seem like a pretty punctual need. I keep getting stuck on it feeling very far from something to detect on an endpoint.
Looking at that link, most of the suggestions feel very oriented around detecting problems in your server fleet. Which feels valuable, yes, but not clearly applicable. (Also note much of that is looking for whether the feature is disabled, not whether the underlying process is vulnerable)