Article Id 201021

This article describes how the Apache Log4j vulnerability affects FortiAnalyzer-BigData and how to mitigate it.

Scope: FortiAnalyzer-BigData 6.4, 7.0.

FortiAnalyzer-BigData has components that use Log4j, but the exposed attack surface is very limited.

To mitigate the vulnerability, do either of the following:

1) Upgrade to the special build based on 6.4.6 or 7.0.1.

2) Run the mitigation script in the live environment without upgrading.


Below are the steps to run the script:

1) Unzip the attached script file.

2) Run the script on the Security Event Cluster Controller.

3) Stop and then start all services so that the change takes effect:
From the GUI, go to Cluster Manager -> Services -> Actions, select 'Stop All Services' and wait until it completes.

Then select 'Start All Services' and wait until it completes.



If a factory reset is performed, the mitigation is lost and the script must be run again.
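The attached script itself is not reproduced on this page. As an added illustration of the kind of check and change a live (no-upgrade) Log4j mitigation performs, the following Python 3 script is example code written for this article, not Fortinet's script and not part of the FortiAnalyzer-BigData product. It assumes only a Python 3 interpreter with the standard library; the directory layout and the sample jar it can build are constructed for the example. It walks a directory tree for log4j-core jars, reports the bundled version and whether the JndiLookup class (the class that performs JNDI lookups) is still present, and can strip that class from the jar in place, which is the hot mitigation Apache documented for affected 2.x releases.

```python
"""Scan for log4j-core jars, report exposure, and optionally strip JndiLookup.

Illustrative example only (not Fortinet's attached script). Standard library only.
"""
import os
import re
import shutil
import sys
import tempfile
import zipfile

# Class that implements ${jndi:...} lookups in Log4j 2.x.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata bundled in official log4j-core jars; carries the version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def version_tuple(version):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0); None -> ()."""
    parts = []
    for piece in (version or "").split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def jar_version(zf):
    """Return the log4j-core version recorded in pom.properties, or None."""
    if POM_PROPS not in zf.namelist():
        return None
    for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def inspect_jar(path):
    """Describe one jar: path, version string, and whether JndiLookup is present."""
    with zipfile.ZipFile(path) as zf:
        return {
            "path": path,
            "version": jar_version(zf),
            "jndi_lookup_present": JNDI_LOOKUP_CLASS in set(zf.namelist()),
        }


def find_log4j_jars(root):
    """Walk root and inspect every file named log4j-core*.jar."""
    reports = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.startswith("log4j-core") and name.endswith(".jar"):
                reports.append(inspect_jar(os.path.join(dirpath, name)))
    return reports


def jndi_exposed(report):
    """True if JndiLookup is present and the version predates 2.16.0, which is
    the release that disabled JNDI lookups by default. Unknown versions are
    treated as exposed (conservative)."""
    if not report["jndi_lookup_present"]:
        return False
    vt = version_tuple(report["version"])
    return not vt or vt < (2, 16, 0)


def strip_jndi_lookup(path):
    """Rewrite the jar without JndiLookup.class. Returns True if it was removed."""
    with zipfile.ZipFile(path) as src:
        if JNDI_LOOKUP_CLASS not in src.namelist():
            return False
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", suffix=".jar")
        os.close(fd)
        with zipfile.ZipFile(tmp, "w", compression=zipfile.ZIP_DEFLATED) as dst:
            for info in src.infolist():
                if info.filename == JNDI_LOOKUP_CLASS:
                    continue  # drop only the lookup class, keep everything else
                dst.writestr(info, src.read(info.filename))
    shutil.copymode(path, tmp)
    os.replace(tmp, path)  # atomic swap so a crash never leaves a half-written jar
    return True


def make_sample_jar(path, version="2.14.1", with_jndi=True):
    """Build a constructed, fake log4j-core jar for demonstration and testing."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(POM_PROPS, "version=%s\ngroupId=org.apache.logging.log4j\n" % version)
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
        if with_jndi:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")
    return path


if __name__ == "__main__":
    # Usage: python3 log4j_check.py <root> [--fix]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    fix = "--fix" in sys.argv
    for rep in find_log4j_jars(root):
        status = "EXPOSED" if jndi_exposed(rep) else "ok"
        print("%s  version=%s  JndiLookup=%s  %s" % (rep["path"], rep["version"],
              rep["jndi_lookup_present"], status))
        if fix and jndi_exposed(rep) and strip_jndi_lookup(rep["path"]):
            print("  removed JndiLookup.class from", rep["path"])
```

Run it once before the mitigation to record which jars are exposed, and again after the services have been restarted to confirm no exposed jar remains; the JVMs must be restarted, as the page's procedure does, because a running JVM keeps the already-loaded class in memory regardless of what is on disk.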