Elements Integrations Changelog

anesterov
anesterov W/ Alumni Posts: 7 Security Scout

The latest updates to WithSecure Elements Integrations bring new features, enhancements, and important fixes to improve the integration capabilities and overall performance of our security solutions. This changelog covers Elements API, Elements Connector, and Elements via Function for Microsoft Sentinel.

Highlights of the Update:

  • New Features: Introduction of new integration options to expand your security toolkit.
  • Enhancements: Improvements to existing integrations for better efficiency and functionality.
  • Bug Fixes: Resolution of reported issues to ensure smooth operation and stability.

For a detailed list of changes and improvements, please click here to see the most recent change log.

To stay updated on future changes, we recommend bookmarking the discussion. Follow the steps outlined here to learn how to bookmark the discussion and be notified of any updates.


Comments

  • anesterov
    anesterov W/ Alumni Posts: 7 Security Scout
    edited October 2023

    This thread is a changelog for the WithSecure Elements Connector product.

    📝 Click here to see the most recent change log and bookmark the discussion to be notified of any updates.


  • anesterov
    anesterov W/ Alumni Posts: 7 Security Scout
    edited June 20

    F-Secure Elements Connector is a product that serves two needs:

    • Offers an easily adaptable solution for partners who use SIEM products to monitor managed environments.
    • Allows you to connect the traffic between managed endpoints in your environment and F-Secure cloud services.

    Installation and upgrade:

    • Elements Connector installation and configuration are all self-service steps. Elements Connector subscription is free of charge but it is needed for registration. Subscription can be created by PSB portal users for any company directly from the Downloads view. See Elements Connector Getting Started Guide to get the Connector up and running: https://help.f-secure.com/data/pdf/elements_connector_eng.pdf
    • Once installed, Elements Connector is automatically upgraded from the channel.
    • Elements Connector replaces F-Secure Endpoint Proxy keeping all proxy capabilities. F-Secure Endpoint Proxy is still around until Elements Connector for Linux is available.

    Product features:

    • Elements Connector is fully managed from PSB portal being visible in the Devices view and configurable via profiles.
    • With Elements Connector, you can stream all security events from the F-Secure Elements portal to your SIEM. Elements Connector supports Syslog, Common Event Format (CEF), and Log Event Extended Format (LEEF) message formats to stream data, which makes it a generic solution to integrate seamlessly with almost any SIEM. You can configure the use of the forwarding feature for the whole partner scope or limit it to a certain company.
    • Elements Connector keeps all proxy capabilities that were supported by F-Secure Endpoint Proxy. Now it serves malware definitions (GUTS2 traffic) and software updates (SWUP).

    Limitations:

    • Only the Windows version is supported. Linux support is coming soon.
    • TLS over TCP is not supported when forwarding security events to SIEM.
    • The Elements Connector self-generated CA has to be exported and manually added to the endpoints' trust store in order for software update traffic to be served. Alternatively, the Elements Connector self-generated server certificate can be replaced with a certificate that is trusted by the endpoints.


  • anesterov
    anesterov W/ Alumni Posts: 7 Security Scout
    edited June 20

    Dear community,

    A new release 21.37 is rolled out with the following changes:

    Improvements:

    • Connector is now able to forward data to SIEM over an encrypted channel (TLS for TCP).
    • Forwarded events are extended with complementary properties that are starting with the 'details_' prefix, e.g. details_sha256, details_infectionName, details_targetPath.
    • To improve readability some event messages are rephrased and their parameterization is adjusted.
    • Elements portal now properly shows Windows 10 version for Connector devices.

    Fixed issues:

    • When encountering any unrecognized event or receiving large responses, the Connector could stop forwarding further events.
    • Connector could generate extra API requests in case SIEM address or port was misconfigured.
  • anesterov
    anesterov W/ Alumni Posts: 7 Security Scout
    edited June 20

    Dear community,

    I am happy to announce that Elements Connector for Linux is now available for downloading from all production portals as DEB and RPM installation packages.

    Check the updated Elements Connector Admin Guide for the list of the supported platforms and installation instructions: https://help.f-secure.com/product.html#business/connector/latest/en/concept_BA55FDB13ABA44A8B16E9421713F4913-latest-en

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 W/ Product Leadership
    edited June 20

    Dear community,

    Please be aware that current installations of Elements Connector are affected by the Log4J Vulnerability (CVE-2021-44228).

    We urge you to apply a hotfix as described in this post:

    https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take.

  • anesterov
    anesterov W/ Alumni Posts: 7 Security Scout
    edited June 20

    Dear community,

    I am happy to announce that the Elements Connector update with the Log4J Vulnerability fixed has now been released. The existing installations will be updated automatically.

    The other changes included in this update:

    • Security events payload larger than 1KB is no longer truncated when forwarding to SIEM.
    • User-defined HTTP and HTTPS ports are now kept on the upgrade (applicable for Windows version).
    • To simplify event forwarding configuration on Linux, the post-installation script is improved.
  • PetriKuikka
    PetriKuikka W/ Member Posts: 237 Threat Terminator
    edited June 20

    Dear community,

    Please be aware that current installations of Elements Connector are affected by the Spring4shell Vulnerability (CVE-2022-22965).

    This hotfix provides an updated Spring Framework (5.2.20), which fixes the recently reported vulnerability CVE-2022-22965.

    PS. We will provide an updated version of Elements Connector via the channel upgrade, but it will still take a few weeks.

  • SergeH
    SergeH W/ Partner, W/ Staff, W/ Product Leadership, W/ Article Coordinator Posts: 57 W/ Product Leadership

    Endpoint Protection API

    ·      New Security Events listing

    Security Events provides extensive data that WithSecure engines detected. In addition to infections, it reports security events generated by application control, Dataguard, tamper protection, browsing protection... The two new endpoints below provide listing by company or partner but also filtering (e.g. by device, by engine).

    ·      https://connect.withsecure.com/api-reference/psb#get-/companies/-companyUuid-/security-events

    ·      https://connect.withsecure.com/api-reference/psb#get-/partners/-partnerUuid-/security-events

    ·      Infections listings are deprecated

    Security Events contains infections and much more, so the old infections endpoints are deprecated and should be replaced by Security Events at first opportunity.

    The following infections endpoints will stop working by 29.10.2022:

    ·      https://connect.withsecure.com/api-reference/psb#get-/companies/-companyId-/infections

    ·      https://connect.withsecure.com/api-reference/psb#get-/companies/-companyUuid-/computers/-computerId-/infections

    ·      https://connect.withsecure.com/api-reference/psb#get-/partners/-partnerId-/infections

     

  • SergeH
    SergeH W/ Partner, W/ Staff, W/ Product Leadership, W/ Article Coordinator Posts: 57 W/ Product Leadership
    edited May 2022

    Provisioning API

    ·     New url to reflect our new brand

    Please update the following url at first opportunity.

    The existing whitelist will still apply.

    The deprecated url will not be supported after 06.11.2022

    ·     Get subscription

    This new API call allows you to get all the details of a subscription by querying with the key as described in https://connect.withsecure.com/api-reference/provisioning#get-/ws/rest/provisioning/v1/subscriptions/-subscription_key-

  • NicoL
    NicoL W/ Staff Posts: 8 Security Scout
    edited August 2022

    Provisioning API

    ·     Register a Service Partner (SEP)

    This API endpoint now returns partnerUuid in the response. You may refer to the API Reference at https://connect.withsecure.com/api-reference/provisioning#post-/ws/rest/provisioning/v1/seps

  • [Deleted User]
    [Deleted User] Posts: 0 Security Scout

    Endpoint Protection API

    Poll for security events

    This new API endpoint is specifically meant for polling for changes in Security Events. By providing boundaries using server_timestamp query parameters, clients have full control over the data set they are interested in. Moreover, the data is sorted in ascending order by the timestamp parameter, allowing for easy replay of historical data and also simplifying the use case of polling for new events.

    An additional JavaScript code snippet is also attached to illustrate the advised approach to reading historical data and polling for the new events.

    See: https://connect.withsecure.com/api-reference/psb#get-/accounts/-accountUuid-/security-events/polling

  • PetriKuikka
    PetriKuikka W/ Member Posts: 237 Threat Terminator
    edited June 20

    Dear community,

    A new release 22.18 (Windows) / 22.19 (Linux) is rolled out with the following changes:

    New features:

    • Support EDR BCD incidents in Security Events forwarding to SIEM systems. This feature is planned to be released into production back-end later this week.

    Fixed issues:

    • Includes latest spring4shell updated binaries, so after new installation you don't need to apply any hotfixes anymore.

    First-time installers are now released and you can manually upgrade to the latest version or wait for the channel upgrade that is planned to happen on Tuesday 14th of June.

  • PetriKuikka
    PetriKuikka W/ Member Posts: 237 Threat Terminator
    edited June 20

    Dear Community,

    The channel upgrade for both Windows 22.18 and Linux 22.19 Elements Connector was just released.

  • NicoL
    NicoL W/ Staff Posts: 8 Security Scout
    edited August 2022

    Provisioning API

    ·     Get subscriptions by company uuid

    This new API call allows you to get the subscription details list under the specific licensee by querying with the unique identifier as described in https://connect.withsecure.com/api-reference/provisioning#get-/ws/rest/provisioning/v1/subscriptions-companyUuid--companyUuid--include_expired--include_expired-

    ·     Get subscriptions by reference number

    This new API call allows you to get the subscription details list under the specific licensee by querying with the buyer's internal reference number as described in https://connect.withsecure.com/api-reference/provisioning#get-/ws/rest/provisioning/v1/subscriptions-buyer_assigned_account_id--buyer_assigned_account_id--include_expired--include_expired-

  • NicoL
    NicoL W/ Staff Posts: 8 Security Scout
    edited August 2022

    Provisioning API

    ·     Get subscriptions by partner uuid

    This new API call allows you to get the subscription details list under the specific reseller by querying with the unique identifier as described in https://connect.withsecure.com/api-reference/provisioning#get-/ws/rest/provisioning/v1/subscriptions-partnerUuid--partnerUuid--include_expired--include_expired-

    ·     Get subscriptions by buyer account id

    This new API call allows you to get the subscription details list under the specific partner by querying with the unique identifier as described in https://connect.withsecure.com/api-reference/provisioning#get-/ws/rest/provisioning/v1/subscriptions-buyer_account_id--buyer_account_id--include_expired--include_expired-

  • NicoL
    NicoL W/ Staff Posts: 8 Security Scout

    Provisioning API

    New products are now supported in Provisioning API

    FCEA: WithSecure™ Elements EDR for Computers

    FCEN: WithSecure™ Elements EDR for Servers

    FCKC: WithSecure™ Elements Vulnerability Management

  • NicoL
    NicoL W/ Staff Posts: 8 Security Scout

    Provisioning API

    ·     Terminate subscription

    This new API call allows you to remove the subscription of a licensee by using the key as described in https://connect.withsecure.com/api-reference/provisioning#delete-/ws/rest/provisioning/v1/subscriptions/-subscription_key--force--force-

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 W/ Product Leadership
    edited June 20

    Dear Community,

    A new release 22.35 (Windows) / 22.34 (Linux) is rolled out with the following changes:

    Fixed issues:

    • Memory leak that might happen in certain conditions is now fixed.

    First-time installers are now released, and you can manually upgrade to the latest version or wait for the channel upgrade that is planned to happen on Tuesday 4th of October.

  • Milosz
    Milosz W/ Staff Posts: 17 W/ Staff

    Elements API

    Elements API is a new API framework that will cover the whole Elements offer. For its launch it provides:

    • API Credentials UI where API credentials can be managed for all Elements solutions. It allows you to apply a policy to renew credentials after a certain time or to delete unused credentials. API credentials are now independent of users.
    • Organization endpoint allowing a partner to list all its companies.
    • Security Events endpoint allowing you to list all security events including EDR incidents. That will replace the events endpoint in Endpoint Protection API.

    Documentation:

  • dolatawojciech
    dolatawojciech W/ Alumni Posts: 12 Security Scout

    Elements API

    • Security Events endpoint now also allows fetching events for partner organizations.
  • dolatawojciech
    dolatawojciech W/ Alumni Posts: 12 Security Scout

    Elements API

    Changes in existing endpoints:

    New endpoints:

    This first release of Devices endpoint provides information related to the devices (IP address, serial number, UPN...) to allow correlation with other data sources in a SIEM/SOAR, as well as information related to the level of protection.

    We are looking for customer feedback before adding even more data. Please provide your ideas through “My feedback” when you are logged in Elements Security Center, or directly through https://ideas.withsecure.com/ideas (same credentials that you are using to access Elements Security Center), under category "Elements API".

    Endpoint Protection API: Devices endpoints are deprecated

    The old devices endpoints are deprecated and should be replaced by the new Elements devices endpoints that provide more information.

    The following devices endpoints will stop working by 30.05.2023:

    • Get all company computers report
    • Get all partner computers report
    • Get company computer details
    • List company computers
    • List partner computers


  • dolatawojciech
    dolatawojciech W/ Alumni Posts: 12 Security Scout

    Elements API

    Changes in existing endpoints:

    • Devices and Security Events endpoints: parameter organizationId is now optional. If it is not present, the default organization of the authenticated client is used.
    • Organizations endpoint: added a new optional organizationId parameter; the endpoint now lists organizations belonging to the requested organization (including itself if type matches). If the parameter is not present, the default organization of the authenticated client is used. https://connect.withsecure.com/api-reference/elements#get-/organizations/v1/organizations


  • dolatawojciech
    dolatawojciech W/ Alumni Posts: 12 Security Scout
    edited December 2022

    Elements API

    Changes in existing endpoints:

    • Security events endpoint supports filtering by engine (e.g. EDR) or severity (critical)
    • Security events endpoint supports a new engine: System events log. The type of events log sent must be configured from the EPP Profile


    Endpoint Protection API

    Security events endpoints are deprecated

    The old security events endpoints are deprecated and should be replaced by the new Elements security events endpoints. https://connect.withsecure.com/api-reference/elements#get-/security-events/v1/security-events

    The following security events endpoints will stop working by 30.06.2023:

    • List security events for a company
    • List security events for a partner
    • Poll for security events

    Infections endpoints have been removed from documentation and will stop working at any time.

  • Milosz
    Milosz W/ Staff Posts: 17 W/ Staff
    edited January 2023

    Endpoint Protection API

    Companies endpoints are deprecated

    Companies endpoints are deprecated. Clients should instead use the Organizations endpoint from Elements API.

    Support for Companies endpoint will end by 31.07.2023.

  • dolatawojciech
    dolatawojciech W/ Alumni Posts: 12 Security Scout

    Elements API

    Changes in existing endpoints:

  • AleksandrG
    AleksandrG W/ Staff, W/ Product Leadership Posts: 95 W/ Product Leadership
    edited June 20

    Dear Community,

    A new release 23.05 is rolled out with the following changes:

    • The Elements Connector Ultimate proxy is introduced with this release. This feature allows Connector to act as a proxy for all traffic between WithSecure endpoints and cloud services simplifying firewall configurations and allowing the use of WithSecure products in semi-closed environments. It extends GUTS2 and SWUP caching only mode and is enabled for all Connectors by default.
    • It is now possible to chain Elements Connectors so that one uses another to reach the backends. For that, you need to specify the upstream connector in the profile as an HTTP proxy. You can specify multiple Connectors using a semicolon.
    • With this release, Elements Connector starts using the new Elements API to forward security events. If Connector was already configured to use Event Forwarding, it continues using the current credentials after the upgrade; follow the API configuration instructions to reconfigure and start using the new Elements API.
    • With this release, we introduce support for multiple HTTP proxies so that Elements Connector remains connected in case of proxy failure. You can specify multiple HTTP proxies using a semicolon. If the connection becomes unstable, Elements Connector starts using the next proxy from the list:
    http://myproxy-1:80;http://myproxy-2:80;http://myproxy-3:80
    
    • Elements Connector integration for Microsoft Sentinel is now available in the Azure Marketplace.
    • This release introduces the WithSecure brand.
    • Forwarded events now have the WithSecure vendor name. If your SIEM is configured to filter based on the vendor name, this filter has to be adjusted.


    First-time installers are now released and you can manually upgrade to the latest version or wait for the channel upgrade that is planned to happen on Tuesday 28th of February.
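
An added example (not WithSecure's code and not part of the posts above): a SIEM-side parser for CEF messages of the kind the Connector forwards, which extracts the `details_` properties described in the 21.37 release note and applies a vendor filter that survives the vendor name change in the 23.05 release note. The pre-rebrand vendor string "F-Secure", all header values and the sample lines are assumptions constructed for illustration.

```python
import re

# Vendor names the SIEM filter accepts. "F-Secure" as the pre-23.05 value is an
# assumption; the page only states that events now carry the WithSecure name.
ACCEPTED_VENDORS = {"F-Secure", "WithSecure"}
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # key at start of extension or after whitespace

def split_header(body, fields=7):
    # Split the seven pipe-delimited CEF header fields, honouring \| and \\ escapes.
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < fields:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return parts, body[i:]

def parse_extension(ext):
    # Values run up to the next " key=" and may contain spaces, \= and \\.
    out, keys = {}, list(_EXT_KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].rstrip()
        out[m.group(1)] = re.sub(r"\\(.)", lambda e: {"n": "\n"}.get(e.group(1), e.group(1)), raw)
    return out

def parse_event(line):
    start = line.find("CEF:")  # skip any syslog header in front of the CEF payload
    if start < 0:
        raise ValueError("not a CEF message")
    header, ext = split_header(line[start + 4:])
    if len(header) != 7:
        raise ValueError("truncated CEF header")
    fields = parse_extension(ext)
    # Strip the 8-character "details_" prefix from the complementary properties.
    details = {k[8:]: v for k, v in fields.items() if k.startswith("details_")}
    return {"vendor": header[1], "name": header[5], "fields": fields, "details": details}

def accepted_events(lines):
    events = []
    for line in lines:
        try:
            event = parse_event(line)
        except ValueError:
            continue  # one malformed line must not stop processing of later events
        if event["vendor"] in ACCEPTED_VENDORS:
            events.append(event)
    return events

# Constructed sample lines (syslog prefix, header values and field values are made up).
SAMPLES = [
    r"<134>host CEF:0|WithSecure|Elements Connector|23.05|100|Infection found|8|"
    r"src=10.0.0.5 details_infectionName=EICAR-Test-File "
    r"details_targetPath=C:\\Users\\alice\\My Docs\\eicar.com details_sha256=" + "ab" * 32,
    r"CEF:0|F-Secure|Elements Connector|21.37|200|Blocked \| web|5|details_url=http://example.test/?a\=1",
    r"CEF:0|ExampleVendor|Other|1.0|1|Noise|1|msg=ignored",
    "plain syslog line without a CEF payload",
]
```

Calling `accepted_events(SAMPLES)` keeps the two Connector-style events and drops both the foreign-vendor event and the non-CEF line.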

  • NicoL
    NicoL W/ Staff Posts: 8 Security Scout

    Provisioning API

    Fixed the missing product in Provisioning API Get Subscription endpoints.

    The following endpoints are now showing FCEC (WithSecure™ Elements EDR and EPP for Computers) in the response:

    • Get subscription by key
    • Get subscriptions by buyer account id
    • Get subscriptions by company uuid
    • Get subscriptions by partner uuid
    • Get subscriptions by reference number
  • Hubert_Szymanski
    Hubert_Szymanski W/ Staff, W/ Article Coordinator Posts: 10 W/ Staff

    Elements API

    Changes in existing endpoints:


  • dolatawojciech
    dolatawojciech W/ Alumni Posts: 12 Security Scout

    Elements API

    Changes in existing endpoints: