The recent Apache Log4j security vulnerability (CVE-2021-44228) was publicly disclosed on December 9, 2021. It allows unauthenticated remote code execution in applications that use Apache Log4j versions above 2.0 and below 2.15.0.
Log360 UEBA uses Log4j version 2.11.1, which can potentially be affected. Our experts are analyzing the issue, and as of now we have no evidence that the vulnerability was exploited.
We strongly recommend that our Log360 UEBA customers follow the precautionary steps below:
Step 1: Stop Log360 UEBA service.
Step 2: Navigate to <Log360 UEBA Installation folder>\ES\config and take a backup of jvm.options.
Step 3: Edit jvm.options, add the following line, and save the file:
-Dlog4j2.formatMsgNoLookups=true
Step 4: Navigate to <Log360 UEBA Installation folder>\conf
Step 5: Take a backup of wrapper.conf.
Step 6: Edit wrapper.conf, add the following line, and save the file:
wrapper.java.additional.20=-Dlog4j2.formatMsgNoLookups=true
Step 7: Start the Log360 UEBA service
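The file edits in steps 2 to 6 can be applied and checked with a script such as the following. It is an added example, not ManageEngine's own tooling. It assumes the installation folder is passed as `-InstallDir`, leaves stopping and starting the service (steps 1 and 7) to the operator, and uses a backup file name chosen for this example.

```powershell
# Added example, not vendor code. Run with the Log360 UEBA service stopped.
param(
    # Assumption: the caller passes the real installation folder.
    [Parameter(Mandatory)][string]$InstallDir
)
$ErrorActionPreference = 'Stop'
$flag = '-Dlog4j2.formatMsgNoLookups=true'

function Test-ExactLine {
    param([string]$Path, [string]$Line)
    # True only for an active line; a commented-out copy of the line does not count.
    $trimmed = @(Get-Content -LiteralPath $Path | ForEach-Object { $_.Trim() })
    return ($trimmed -contains $Line)
}

function Add-LineOnce {
    param([string]$Path, [string]$Line)
    $full = (Resolve-Path -LiteralPath $Path).Path
    if (Test-ExactLine -Path $full -Line $Line) { return "unchanged: $full" }
    # Steps 2 and 5: back up first; never overwrite an earlier backup.
    $backup = "$full.pre-log4j.bak"   # backup name is this example's choice
    if (-not (Test-Path -LiteralPath $backup)) {
        Copy-Item -LiteralPath $full -Destination $backup
    }
    # Leading newline keeps the entry on its own line even if the file
    # does not end with one.
    $nl = [Environment]::NewLine
    [System.IO.File]::AppendAllText($full, $nl + $Line + $nl)
    return "updated: $full (backup: $backup)"
}

$jvmOptions  = Join-Path $InstallDir 'ES\config\jvm.options'
$wrapperConf = Join-Path $InstallDir 'conf\wrapper.conf'
$wrapperLine = "wrapper.java.additional.20=$flag"

# Precaution: stop if index 20 already carries a different JVM argument.
$clash = @(Get-Content -LiteralPath $wrapperConf | Where-Object {
    $_ -match '^\s*wrapper\.java\.additional\.20\s*=' -and $_.Trim() -ne $wrapperLine
})
if ($clash.Count -gt 0) { throw "wrapper.java.additional.20 is already set: $clash" }

Add-LineOnce -Path $jvmOptions -Line $flag          # steps 2-3
Add-LineOnce -Path $wrapperConf -Line $wrapperLine  # steps 4-6

# Confirm both files now carry the setting before starting the service (step 7).
foreach ($check in @(@($jvmOptions, $flag), @($wrapperConf, $wrapperLine))) {
    if (-not (Test-ExactLine -Path $check[0] -Line $check[1])) {
        throw "Setting missing in $($check[0])"
    }
}
```

Running it a second time leaves both files unchanged, so it can also serve as a check that the setting is still in place.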