Elements Connector change log

This thread is a changelog for the F-Secure Elements Connector product.

Answers

  • anesterovanesterov Posts: 4 F-Secure Employee
    edited June 23

    F-Secure Elements Connector is a product that serves two needs:

    • Offers an easily adaptable solution for partners who use SIEM products to monitor managed environments.
    • Allows you to connect the traffic between managed endpoints in your environment and F-Secure cloud services.

    Installation and upgrade:

    • Elements Connector installation and configuration are all self-service steps. Elements Connector subscription is free of charge but it is needed for registration. Subscription can be created by PSB portal users for any company directly from the Downloads view. See Elements Connector Getting Started Guide to get the Connector up and running: https://help.f-secure.com/data/pdf/elements_connector_eng.pdf
    • Once installed Elements Connector is automatically upgraded from the channel.
    • Elements Connector replaces F-Secure Endpoint Proxy keeping all proxy capabilities. F-Secure Endpoint Proxy is still around until Elements Connector for Linux is available.

    Product features:

    • Elements Connector is fully managed from PSB portal being visible in the Devices view and configurable via profiles.
    • With Elements Connector, you can stream all security events from the F-Secure Elements portal to your SIEM. Elements Connector supports Syslog, Common Event Format (CEF), and Log Event Extended Format (LEEF) message formats to stream data, which makes it a generic solution to integrate seamlessly with almost any SIEM. You can configure the use of the forwarding feature for the whole partner scope or limit it to a certain company.
    • Elements Connector keeps all proxy capabilities as were supported by F-Secure Endpoint Proxy. Now it serves malware definitions (GUTS2 traffic) and software updates (SWUP).

    Limitations:

    • Only Windows version is supported. Linux support is coming soon.
    • TLS over TCP is not supported when forwarding security events to SIEM.
    • Elements Connector self-generated CA has to be exported and manually added to endpoints trust store in order software updates traffic to be served. Alternatively, Elements Connector self-generated server certificate can be replaced with a certificate that is trusted by the endpoints.


  • anesterovanesterov Posts: 4 F-Secure Employee
    edited September 23

    Dear community,

    A new release 21.37 is rolled out with the following changes:

    Improvements:

    • Connector is now able to forward data to SIEM over an encrypted channel (TLS for TCP).
    • Forwarded events are extended with complementary properties that are starting with the 'details_' prefix, e.g. details_sha256, details_infectionName, details_targetPath.
    • To improve readability some event messages are rephrased and their parameterization is adjusted.
    • Elements portal now properly shows Windows 10 version for Connector devices.

    Fixed issues:

    • When encountering any unrecognized event or receiving large responses, the Connector could stop forwarding further events.
    • Connector could generate extra API requests in case SIEM address or port was misconfigured.
Sign In or Register to comment.