Qualys/log4jscanwin

Agent not picking up log4j_findings.out

Opened this issue · 1 comments

For the last 3 days, the Qualys agent has not been picking up the .out file the log4jscanwin scan produces. I also noticed this started as soon as Qualys added a new enhanced feature. Were any changes made to the code, or anything else, that could cause this issue? https://notifications.qualys.com/product/2022/01/14/upcoming-enhancements-to-log4j-qids

Another Qualys user here! We have a case open with Support and our TAM has escalated the case, but internal investigations within our console suggest the Qualys cloud agent is closing/fixing the Log4j OOB QIDs, resulting in inaccurate vulnerability reporting since the QID enhancements were pushed into the KB. One way to check whether you're experiencing the same issue is to look at an asset within AssetSearch and check on the vulnerability findings --> find an OOB QID and look at the ticket's history. From there, that's where we noticed appliance-based scans are detecting/re-opening the vulnerability and allowing the vuln to come through in open reports, but the next time the agent performs a scan, the ticket is closed/fixed and suppressed from reports. Whether you're experiencing the same issue or not, please open a case with your TAM so these issues can be reviewed and addressed!