Securing your SEM nodes

A bug found in the Log4j library can allow an attacker to execute arbitrary code on your system. Therefore if the SEM nodes are added, please follow the steps given below to fix the log4j vulnerability:

1. Stop the Elasticsearch service (elasticsearch-service-x64 or elasticsearch-service-x86) from services.msc.
2. Copy the following files from elasticsearch folder (<Installation dir>/Log360/../elasticsearch/ES/lib)
• log4j-1.2-api-2.15.0.jar
• log4j-api-2.15.0.jar
• log4j-core-2.15.0.jar
3. Open the following ES node installation directory inside the installed SEM node
• <Installation folder>/ES/
4. Paste the JAR files copied in Step 2 into the <Installation folder>/ES/lib folder.
5. Backup and delete the following jars from the <Installation dir>/ES/lib folder:
• log4j-1.2-api-2.9.1.jar
• log4j-api-2.9.1.jar
• log4j-core-2.9.1.jar
6. Start the Elasticsearch service (elasticsearch-service-x64 or elasticsearch-service-x86) from services.msc