CyberCNS scanner will check if any process is using the java log4j jar and also will check all the related parameters that are configured for marking it's as vulnerable for CVE-2021-44228.
CyberCNS is fetching Log4J Vulnerabilities based on the java processes running in the system and validating whether that process is using the Log4J Component or not. In case it is using Log4j components the system verifies if certain global environmental variables are set and the JVM options that are provided for that process. After considering all this, if any process matches the vulnerability criteria CyberCNS marks it as vulnerable.
Once authenticated vulnerability scan is completed successfully, the results are shown in the dashboard under Log4shell Vulnerability Analysis at Company Level and Global Level.
CyberCNS external scans will scan for log4j against open ports. If that port is found vulnerable for log4j, it will trigger a mail on the configured email ID under CyberCNS settings.
Please note only an external scan result with log4j vulnerability will trigger an email notification.
In case you are not receiving any mail, it means that there is no log4j vulnerability that is not triggering for the payload that is being used. To verify that CyberCNS is working you can download the following application and run it on any machine.
https://github.com/christophetd/log4shell-vulnerable-app
Once installed you can trigger an external scan or you can do a probe/LW-based scan and you should see the dashboard and the mail from Canary Tokens.
There are three modes of Log4j detection. The one on the dashboard is a deep scan to find Log4j instances in any of the machines.
However, in the case of VMware, there is no access to the Vcenter filesystem to find out if the system is vulnerable. So we are doing a version-based detection of the Log4j vulnerability and that shows under the internal report of Vulnerabilities.