When news breaks of a major security story, like the vulnerability in the open-source Apache logging library Log4j (CVE-2021-44228), vendors and organizations move as fast as they can to understand the issue, determine their exposure, and mitigate the risks.
A quick demo of how you'd search for all your resources to see which ones have Log4j installed is shown below. Of course, this doesn't replace a search of your codebase. There's also the possibility that software with integrated Log4j libraries won't appear in this list. But it's definitely helpful for initial triaging when a major incident is unfolding.
Search Azure Resource Graph data
Azure Resource Graph (ARG) provides instant access to resource information across your cloud environments with robust filtering, grouping, and sorting capabilities. It's a quick and efficient way to query information across Azure subscriptions programmatically or from within the Azure portal.
ARG provides another way to query your resource data for resources found to be vulnerable to the Log4j vulnerability:
Open Azure Resource Graph Explorer.
Enter the following query and select Run query:
securityresources
| where type =~ "microsoft.security/assessments/subassessments"
// Derive the ID of the assessed resource from the sub-assessment ID
| extend assessmentKey=extract(@"(?i)providers/Microsoft.Security/assessments/([^/]*)", 1, id), subAssessmentId=tostring(properties.id), parentResourceId= extract("(.+)/providers/Microsoft.Security", 1, id)
| extend Props = parse_json(properties)
| extend additionalData = Props.additionalData
| extend cves = additionalData.cve
| where isnotempty(cves) and array_length(cves) > 0
// One row per CVE entry, then keep only the Log4j CVE
| mv-expand cves
| where tostring(cves) has "CVE-2021-44228"
| distinct parentResourceId
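During triage it often helps to re-apply the same filter to sub-assessment records that have already been exported, and to group the affected resources by subscription. The following Python sketch is an added example, not code from the original page: it mirrors the query's type filter and parentResourceId extraction, and assumes each entry in additionalData.cve is an object with a "title" field or a plain string. The helper names, subscription IDs, resource names and the placeholder CVE-0000-00000 are constructed for illustration.

```python
import re
from collections import defaultdict

CVE_ID = "CVE-2021-44228"
SUBASSESSMENT_TYPE = "microsoft.security/assessments/subassessments"
# Same pattern the query uses to derive parentResourceId from the record id.
PARENT_RE = re.compile(r"(.+)/providers/Microsoft.Security")
SUBSCRIPTION_RE = re.compile(r"^/subscriptions/([^/]+)", re.IGNORECASE)

def cve_ids(record):
    """Return the set of CVE IDs in properties.additionalData.cve, tolerating missing fields."""
    props = record.get("properties") or {}
    entries = (props.get("additionalData") or {}).get("cve") or []
    # Assumption: each entry is an object with a "title" field, or a plain string.
    return {(e.get("title", "") if isinstance(e, dict) else str(e)).strip().upper()
            for e in entries}

def affected_resources(records, cve=CVE_ID):
    """Map subscription ID -> sorted, de-duplicated parent resource IDs that list `cve`."""
    by_subscription = defaultdict(set)
    for rec in records:
        if rec.get("type", "").lower() != SUBASSESSMENT_TYPE:
            continue  # mirrors: where type =~ "...subassessments"
        if cve.upper() not in cve_ids(rec):
            continue  # exact-ID match; stricter than the query's `has`
        m = PARENT_RE.search(rec.get("id", ""))
        if not m:
            continue
        sub = SUBSCRIPTION_RE.match(m.group(1))
        by_subscription[sub.group(1) if sub else "unknown"].add(m.group(1))
    return {s: sorted(ids) for s, ids in by_subscription.items()}

def _rec(parent, finding, cves, rtype=SUBASSESSMENT_TYPE):
    """Build one constructed record shaped like a securityresources row."""
    rid = f"{parent}/providers/Microsoft.Security/assessments/assess-1/subassessments/{finding}"
    return {"type": rtype, "id": rid, "properties": {"additionalData": {"cve": cves}}}

# Constructed sample data: subscription IDs, resource names and findings are made up.
VM = "/subscriptions/sub-a/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm-web01"
ACR = "/subscriptions/sub-b/resourceGroups/rg-img/providers/Microsoft.ContainerRegistry/registries/acr01"
SAMPLE = [
    _rec(VM, "f1", [{"title": "CVE-2021-44228"}]),
    _rec(VM, "f2", [{"title": "cve-2021-44228"}, {"title": "CVE-0000-00000"}]),  # same parent
    _rec(ACR, "f3", [{"title": "CVE-2021-44228"}]),
    _rec(ACR, "f4", [{"title": "CVE-0000-00000"}]),   # other CVE only
    _rec(VM, "f5", []),                               # empty cve array
    _rec(ACR, "f6", [{"title": "CVE-2021-44228"}], rtype="microsoft.security/assessments"),
]

print(affected_resources(SAMPLE))
```

As with the query itself, an empty result only means that no assessed resource reported the CVE; software that bundles Log4j without being assessed does not appear.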