FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
nmathur
Staff
Description

The 'AuditLog Cleanup' playbook, and any other playbook that directly accesses the Gateway API, will fail once the Security Patch (nginx-security-patch) is installed, because the patch addresses improper access control on the Gateway API. For more information on the security patch, see the related document below.

 

Related document:

https://www.fortiguard.com/psirt/FG-IR-22-041

Scope

All FortiSOAR versions that have installed the nginx-security-patch prior to FortiSOAR version 7.2.0.

Solution

Modify the 'AuditLog Cleanup' playbook as follows:

 

1) Log on to FortiSOAR and open the Schedule Management Playbooks page (Settings -> System Fixtures -> Schedule Management Playbooks).

 

2) Open the 'AuditLog Cleanup' playbook.

 

3) Open the 'Delete AuditLogs' step.

 

4) Update the value in the IRI field to: /api/gateway/audit/activities/delete.


Note: The change is to add /api at the start of the IRI field value.

Save the step and then save the playbook.

 

Note: Similar steps can be performed for other playbooks that fail after installing the nginx-security-patch.
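
To locate other playbooks that still call the Gateway API directly, the following added example (not Fortinet code) walks a playbook export and lists every string value that starts with /gateway/, together with the /api-prefixed value to enter in the IRI field. It assumes the playbooks have been exported as JSON; the sample data and its key names are constructed for illustration and do not reflect the real export schema.

```python
import json

# Constructed sample, NOT a real FortiSOAR export: key names are assumptions.
SAMPLE_EXPORT = json.loads("""
{
  "playbooks": [
    {"name": "AuditLog Cleanup",
     "steps": [{"name": "Delete AuditLogs",
                "arguments": {"iri": "/gateway/audit/activities/delete"}}]},
    {"name": "Already Fixed",
     "steps": [{"name": "Delete AuditLogs",
                "arguments": {"iri": "/api/gateway/audit/activities/delete"}}]},
    {"name": "Unrelated",
     "steps": [{"name": "Fetch Alerts",
                "arguments": {"iri": "/api/3/alerts"}}]}
  ]
}
""")

# IRIs that reach the Gateway API without the /api prefix are the ones
# that fail after the nginx-security-patch is installed.
OLD_PREFIX = "/gateway/"


def find_direct_gateway_iris(node, path="$"):
    """Recursively walk any JSON value and return a list of
    (json_path, current_value, suggested_value) for every string
    that starts with /gateway/. Schema-agnostic by design."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits.extend(find_direct_gateway_iris(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_direct_gateway_iris(value, f"{path}[{i}]"))
    elif isinstance(node, str) and node.strip().startswith(OLD_PREFIX):
        value = node.strip()
        # The fix from this article: add /api at the start of the IRI.
        hits.append((path, value, "/api" + value))
    return hits


if __name__ == "__main__":
    for path, old, new in find_direct_gateway_iris(SAMPLE_EXPORT):
        print(f"{path}: {old} -> {new}")
```

The script only reports candidates; each flagged step is then corrected in the playbook designer as described in the steps above.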

 
