Technical Tip: Failure of the 'AuditLog Cleanup' playbook after users have installed the Nginx Security Patch, which blocks direct access to the Gateway API

The 'AuditLog Cleanup' playbook or any other playbooks that directly access the Gateway API will fail once you have installed the Security Patch (nginx-security-patch) since this security patch has blocked improper access control on the Gateway API. For more information on the security patch.

Related document:

https://www.fortiguard.com/psirt/FG-IR-22-041.

Modify the  'AuditLog Cleanup' playbook as follows:

1) Log onto FortiSOAR and open the Schedule Management Playbooks page (Settings -> System Fixtures -> Schedule Management Playbooks).

2) Open the 'AuditLog Cleanup' playbook.

3) Open the 'Delete AuditLogs' step.

4) Update the value in the IRI field to: /api/gateway/audit/activities/delete.

Note.

The change is to add /api at the start of the IRI field value.

Save the step and then save the playbook.

Note.

It is possible to perform similar steps for other playbooks that fail after installing the nginx-security-patch.