Elements Connector Changelog

anesterov · 2021-06-23T09:13:25+00:00

There was an error rendering this rich post.

This changelog provides updates for the WithSecure™ Elements Connector, which facilitates integration between WithSecure Elements and third-party systems. It includes the latest enhancements, fixes, and new features that improve data synchronization, event forwarding, and interoperability with external platforms such as SIEMs, ticketing systems, and other security tools.

Find more posts tagged with

Changelog

Comments

Jouni_J

Elements Connector

A new release of Elements Connector 25.17 for both Windows and Linux is now available. This release includes the following changes:

Linux service
- The Elements Connector now runs as a systemd unit, extending support to modern Linux distributions.
Java Runtime Environment
- Upgraded to JRE 17 for enhanced performance and security.
Spring Framework
- Updated Spring Framework to version 6.2.4.
- Updated Spring Security to version 6.4.4.
Removal of old update server
- Elements Connector no longer attempts to connect to the old update server (https://guts2.sp.f-secure.com), which was taken offline earlier this year.
Security enhancements
- Addressed multiple recently discovered vulnerabilities, including:
  - JRE vulnerabilities: CVE-2024-21147, CVE-2024-21140, CVE-2024-21235, CVE-2025-21502
  - Spring vulnerabilities: CVE-2024-38829, CVE-2024-38828, CVE-2024-38820, CVE-2024-38819, CVE-2024-38816
MSI installation fix
- Resolved an issue with MSI installation, where non-default HTTPS port was reverted back to default.
New supported platforms
- Linux: Added support for Alma 9, Oracle 9, RHEL 9, and Rocky 9.
- Windows: Added support for Windows Server 2025.
General improvements
- Missing update version cache is refreshed in every polling interval instead of 1 hour.
- Other fixes and enhancements for better stability and performance.

Elements Connector 25.17 supports the following operating systems:

Windows:

Windows Server 2016
Windows Server 2019
Windows Server 2022
Windows Server 2025
Windows 10
Windows 11

Linux:

Alma Linux 8, 9
Debian 11, 12
openSUSE Leap 15
Oracle Linux 8, 9
Red Hat Enterprise Linux 8, 9
Rocky Linux 8, 9
SuSE Linux Enterprise Server 12, 15
SuSE Linux Enterprise Desktop 12, 15
Ubuntu 18.04, 20.04, 22.04, 24.04 LTS

NOTE! Known Limitations of Early access versions distribution

We want to inform you about a known limitation with the Elements Connector when used to redistribute definition updates to managed Elements agents for Windows and Mac. If any connected devices are enrolled in the early access client software program, early access versions might inadvertently be distributed to all devices fetching definitions from this Connector instance.

To ensure smooth operation and avoid unintended early access updates distribution, please set up a separate Connector instance to serve definitions to the early access agents group, or disable the use of the Connector for devices in the early access group. This limitation will be addressed in future Connector versions.

Installation Options

First-Time Installers: Available on our Software download page.
Automatic Channel Upgrade: Scheduled for Monday, May 5th 2025.

LiselotteP

Elements Connector

A new release of Elements Connector 24.25 for both Windows and Linux is now available. This release includes the following changes:

Security Updates:
- Upgraded Spring Framework to version 5.3.34, addressing CVE-2024-22262.
MSI Installation Fix:
- Resolved an issue with MSI installation in localized Windows environments.
Fix for DNS Resolving:
- Addressed DNS resolving issues through upstream HTTP proxies when using isolated DNS.
New Channel Subscriptions for WS-GUTS2:
- Elements Connector now subscribes to the following WS-GUTS2 channels:
  - swup-win-db
  - sidegrade
  - elements-connector-win
  - elements-connector-linux
New supported Linux platforms:
- Added support for following Linux distributions:
  - Alma 8
  - Debian 11 & 12
  - Rocky 8
  - Ubuntu 24.04 LTS

Installation Options:

First-time installers are now available on our Software download page.
The channel upgrade is scheduled for Tuesday, June 25th.

Jouni_J

Dear Community,

A new release 24.05 is rolled out with the following changes:

Support Event Forwarding for Elements Collaboration Protection security events
Support serving updates from new WithSecure GUTS2 update server
- This change ensures, that WithSecure Elements endpoint agents can receive updates via Elements Connector, when using the new WithSecure GUTS2 server address.
- More about the related network address changes can be found from here: Network addresses for WithSecure Elements (cloud-managed products) - WithSecure Community
GUTS2 update server connectivity indicators in Elements Security Center
- In this release we will highlight if GUTS2 server addresses are unreachable, and managed clients might stop receiving updates when using Elements Connector for caching updates.
- This warning will be visible as a warning in Connector device view in Elements Security Center:

Improvements for upgrade installation on RPM-based Linux systems
Improvements for installation on Windows
Bug fixes

The new version is available as a first-time installer, as well as a channel upgrade.

AleksandrG

Dear Community,

In order to provide a better and more unified set of APIs for WithSecure Elements, we are progressively deprecating the Endpoint Protection API and replacing it by Elements API. If your Elements Connector is used to stream security events from the WithSecure Elements portal to your SIEM and was configured before 23.05 release, it might be still using Endpoint Protection API.

Elements Security Center will warn you if actions are needed in the Issues list:

Corresponding warning is also shown in the Connector device view:

In order to preserve event forwarding functionality please switch over to using Elements API credentials before 31.12.2023. You can find full details of the required changes in the userguide.

AleksandrG

Dear Community,

A new release 23.05 is rolled out with the following changes:

The Elements Connector Ultimate proxy is introduced with this release. This feature allows Connector to act as a proxy for all traffic between WithSecure endpoints and cloud services simplifying firewall configurations and allowing the use of WithSecure products in semi-closed environments. It extends GUTS2 and SWUP caching only mode and is enabled for all Connectors by default.

It is now possible to chain Elements Connectors so that it uses another one to reach the backends. For that, you need to specify the upstream connector in the profile as an HTTP proxy. You can specify multiple Connectors using a semicolon.

With this release, Elements Connector starts using the new Elements API to forward security events. If Connector was already configured to use Event Forwarding, it continues using current credentials after the upgrade, follow API configuration instructions to reconfigure and start using the new Elements API.
With this release, we introduce support for multiple HTTP proxies so that Elements Connector remains connected in case of proxy failure. You can specify multiple HTTP proxies using a semicolon. If the connection becomes unstable, Elements Connector starts using the next proxy from the list:

http://myproxy-1:80;http://myproxy-2:80;http://myproxy-3:80

Elements Connector integration for Microsoft Sentinel is now available in the Azure Marketplace.
This release introduces WithSecure brand.
Forwarded events now have WithSecure vendor name, if your SIEM is configured to filter based on the vendor name, this filter has to be adjusted.

First-time installers are now released and you can manually upgrade to the latest version or wait for the channel upgrade that is planned to happen on Tuesday 28th of February.

A_Grinkevitch

Dear Community,

A new release 22.35 (Windows) / 22.34 (Linux) is rolled out with the following changes:

Fixed issues:

Memory leak that might happen in certain conditions is now fixed

First time installers are now released, and you can manually upgrade to latest version or wait for the channel upgrade that is planned to happen on Tuesday 4th of October.

PetriKuikka

Dear Community,

channel upgrade for both Windows 22.18 and Linux 22.19 Elements Connector was release just.

PetriKuikka

Dear community,

A new release 22.18 (Windows) / 22.19 (Linux) is rolled out with the following changes:

New features:

Support EDR BCD incidents in Security Events forwarding to SIEM systems. This feature is planned to be released into production back-end later this week.

Fixed issues:

Includes latest spring4shell updated binaries, so after new installation you don't need to apply any hotfixes anymore.

First time installers are now released and you can manually upgrade to latest version or wait for the channel upgrade that is planned to happen on Tuesday 14th of June.

PetriKuikka

Dear community,

Please be aware that current installations of Elements Connector are affected by the Spring4shell Vulnerability (CVE-2022-22965).

This hotfix provides an updated Spring Framework (5.2.20), which fixes recently reported vulnerability CVE-2022-22965.

PS. We will provide updated version of Elements Connector via the channel upgrade, but it will still take few weeks.

samet

Thank you for the post link:

https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take

anesterov

Dear community,

I am happy to announce that Elements Connector update with the Log4J Vulnerability fixed has been now released. The existing installations will be updated automatically.

The other changes included in this update:

Security events payload larger than 1KB is no longer truncated when forwarding to SIEM.
User defined HTTP and HTTPS ports are now kept on the upgrade (applicable for Windows version).
To simplify event forwarding configuration on Linux, the post installation script is improved.

A_Grinkevitch

Dear community,

Please be aware that current installations of Elements Connector are affected by the Log4J Vulnerability (CVE-2021-44228).

We urge you to apply a hotfix as described in this post:

https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take.

anesterov

Dear community,

I am happy to announce that Elements Connector for Linux is now available for downloading from all production portals as DEB and RPM installation packages.

Check the updated Elements Connector Admin Guide for the list of the supported platforms and installation instructions: https://help.f-secure.com/product.html#business/connector/latest/en/concept_BA55FDB13ABA44A8B16E9421713F4913-latest-en

anesterov

Dear community,

A new release 21.37 is rolled out with the following changes:

Improvements:

Connector is now able to forward data to SIEM over an encrypted channel (TLS for TCP).
Forwarded events are extended with complementary properties that are starting with the 'details_' prefix, e.g. details_sha256, details_infectionName, details_targetPath.
To improve readability some event messages are rephrased and their parameterization is adjusted.
Elements portal now properly shows Windows 10 version for Connector devices.

Fixed issues:

When encountering any unrecognized event or receiving large responses, the Connector could stop forwarding further events.
Connector could generate extra API requests in case SIEM address or port was misconfigured.

anesterov

F-Secure Elements Connector is a product that serves two needs:

Offers an easily adaptable solution for partners who use SIEM products to monitor managed environments.
Allows you to connect the traffic between managed endpoints in your environment and F-Secure cloud services.

Installation and upgrade:

Elements Connector installation and configuration are all self-service steps. Elements Connector subscription is free of charge but it is needed for registration. Subscription can be created by PSB portal users for any company directly from the Downloads view. See Elements Connector Getting Started Guide to get the Connector up and running: https://help.f-secure.com/data/pdf/elements_connector_eng.pdf
Once installed Elements Connector is automatically upgraded from the channel.
Elements Connector replaces F-Secure Endpoint Proxy keeping all proxy capabilities. F-Secure Endpoint Proxy is still around until Elements Connector for Linux is available.

Product features:

Elements Connector is fully managed from PSB portal being visible in the Devices view and configurable via profiles.
With Elements Connector, you can stream all security events from the F-Secure Elements portal to your SIEM. Elements Connector supports Syslog, Common Event Format (CEF), and Log Event Extended Format (LEEF) message formats to stream data, which makes it a generic solution to integrate seamlessly with almost any SIEM. You can configure the use of the forwarding feature for the whole partner scope or limit it to a certain company.
Elements Connector keeps all proxy capabilities as were supported by F-Secure Endpoint Proxy. Now it serves malware definitions (GUTS2 traffic) and software updates (SWUP).

Limitations:

Only Windows version is supported. Linux support is coming soon.
TLS over TCP is not supported when forwarding security events to SIEM.
Elements Connector self-generated CA has to be exported and manually added to endpoints trust store in order software updates traffic to be served. Alternatively, Elements Connector self-generated server certificate can be replaced with a certificate that is trusted by the endpoints.