Sentinel One Flagging Filebeat.exe

[Dunkaknee]

Sentinel One is flagging the version of Filebeat.exe used by UTM stack agent. After investigating it seems that the version used is 8.5.3 which has a CVE https://app.opencve.io/cve/CVE-2023-31413

What is the best way to patch this. Will updating the UTM stack agent update filebeat to a later version or should we try to update filebeat directly (assuming that won't break the agent)

[osmontero]

The flaw is in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. UTMStack agent does not uses the httpjson input for any integration that depends on Filebeat, then updating is not required.