Rapid Response advisory and queries for exposed F5 BIG-IP products affected by recent nation-state breach, threat data now visible for Platform Enterprise customers, and one new fingerprint for Interactsh servers.
Platform
-
Some threat data for hosts and web properties is now viewable by all users on Enterprise accounts.
-
The following fields can be seen in the Platform web console and retrieved via API, but may not be searched for or pivoted across unless you also have access to the Threat Hunting module.
Data field Description *.threats.id A unique identifier for the threat. *.threats.name Name of the threat, such as Cobalt Strike. *.threats.tactic How the threat behaves and the purpose of the activity, such as COMMAND_AND_CONTROL and PERSISTENCE. *.threats.type The role of the service, such as PHISHING_SERVER and WEBSHELL.
-
Rapid Response
The Censys Rapid Response team published information about and queries for the following issue.
- Nation-State Breach of F5 Networks — Exposure of BIG-IP Source Code & Undisclosed Vulnerabilities
- The queries below can identify F5 BIG-IP instances, but they cannot determine whether systems are vulnerable.
New fingerprints
Added the following fingerprints.
| Type | Name | Description | Query |
|---|---|---|---|
| software | Interactsh Server | This is an Interactsh server. Interactsh is an OOB interaction gathering server and client library. | Platform query |
