This release resolves the following issues:
- Bug 640245 – FortiGuard IOC update fails because of an expired certificate
- Bug 639713 – The Dashboard table view performance is slow
- Bug 639713 – Queries using the Dynamic Watch List fail in a Cluster environment. This is because these values are not propagated to Redis slaves running on Worker nodes.
- Bug 653943 – FortiSIEM Windows Agent on certain platforms, including Windows 10 Pro, may crash while doing File Integrity Monitoring checks. This can cause the FortiSIEM Windows Agents to be disconnected from the FortiSIEM GUI and events to stop arriving.
Note that you must obtain a new FortiSIEM license to get FortiGuard IOC functionality, even if your license has not expired. Follow these steps if you are using FortiGuard IOC:
- Obtain a FortiSIEM license from FortiCare.
- Upgrade FortiSIEM. See the Upgrade Guide.
- Apply the new FortiSIEM license. See the Licensing Guide.
- Schedule the FortiGuard IOC download.
In FortiSIEM 5.2.6-5.4.0, one module (the 3rd party ThreatConnect SDK) uses Apache log4j version 2.8 for logging and is therefore vulnerable to the recently discovered Remote Code Execution vulnerability (CVE-2021-44228).
These instructions specify the steps needed to mitigate this vulnerability without upgrading Apache log4j to the latest stable version 2.16 or higher. Actions need to be taken on the Supervisor node only.
Log on via SSH as root.
Mitigating 3rd party ThreatConnect SDK module:
Delete these log4j jar files under
Restart all Java Processes by running:
`killall -9 java`
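To confirm the deletion step left nothing behind, the following added example (not part of Fortinet's instructions) reports any `log4j-core` jar below version 2.16 under a directory. The function names are hypothetical, and the directory is passed as an argument because the path is not given above.

```shell
#!/bin/sh
# Added example, not Fortinet tooling: report log4j-core jars older than 2.16.
# Only log4j-core is checked because that jar contains the JndiLookup class.

# is_older_than_2_16 VERSION: succeeds when VERSION is a 2.x release below 2.16.
is_older_than_2_16() {
    case "$1" in
        2.[0-9]*) ;;            # log4j 2.x, continue to the minor check
        *) return 1 ;;          # anything else is out of scope for this check
    esac
    minor=${1#2.}               # "8", "15.0", "0-beta9", ...
    minor=${minor%%[!0-9]*}     # keep only the leading digits of the minor part
    [ "$minor" -lt 16 ]
}

# scan_log4j DIR: print one line per log4j-core-<version>.jar found under DIR.
# Returns 1 when at least one jar is older than 2.16, otherwise 0.
scan_log4j() {
    find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null | (
        scan_rc=0
        while IFS= read -r jar; do
            name=${jar##*/}                 # file name without directories
            version=${name#log4j-core-}
            version=${version%.jar}
            if is_older_than_2_16 "$version"; then
                echo "VULNERABLE $version $jar"
                scan_rc=1
            else
                echo "ok $version $jar"
            fi
        done
        exit "$scan_rc"
    )
}

# Usage: sh check_log4j.sh <directory named in the mitigation steps>
[ "$#" -eq 0 ] || scan_log4j "$1"
```

The check matches on file names only, so a copy of log4j bundled inside another archive is not detected.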