Version 7.2 of Snare Server is available and includes the product name change from Snare Server to Snare Central, and the following features:

  • The Snare Agent Manager (SAM) has been integrated directly into the Snare Central Server, and provides centralized license management capabilities. The SAM may be accessed via the menu: Agent Management | Snare Agent Manager. Customers no longer need to maintain a separate standalone Windows-based SAM installation in order to manage Snare agent licensing.  Review User Information
  • In order to comply with the Security Technical Implementation Guide (STIG) recommendations for the Unix operating system (https://www.stigviewer.com/stig/unix_srg/), Snare Central now includes the Snare Linux Agent. Review User Information
  • A new graphical user interface and disk manager utility, called Disk Manager, has been created to make it easier for customers to manage their storage resources. Users of this interface can shift space between disk partitions (new 7.2 installs only), add new unallocated disk space to existing partitions (new 7.2 installs only), and also take advantage of the ‘overlayfs’ feature of 7.2, to layer other formatted disk partitions, NAS shares, or external media, over some existing Snare Central paths. The layering capability will enable, for example, backups that have been created with the Data Backup utility that are stored on optical or USB media, to be superimposed over the existing “Snare Archive” event storage location; this means there is no need to restore a data backup to have access to archived data. Review User Information
  • A historical record of Snare Central reports in PDF format are able to be saved, and available via a SMB share. Review User Information
  • Snare Central now provides an updated access control management interface, which supports both user and group authentication and access control from locally defined users/groups and also users/groups from an LDAP/AD server.  Review User Information
  • The Snare Collector/Reflector dashboard includes additional statistics regarding cache and events. Review User Information
  • Additional objectives have been added to the Snare Central server specifically to detect security incidents on Windows servers and workstations discussed in the SANS white paper at https://www.sans.org/reading-room/whitepapers/logging/detecting-security-incidents-windows-workstation-event-logs-34262. The new objectives cover administrative activity, file and resource access and process monitoring.
  • A new agent information objective in Status | Collection Status-Agent Information, provides a simple overview of the systems that have sent event data to the Snare Central over the course of a configurable number of days.
  • The Snare Central ISO image can now be written to a USB stick in order to install physical or virtual hardware.

Further Information

This video provides an outline of the new features in version 7.2.
Version 7.2 Feature Overview
Presented by Steve Challans
Time: 12.27 minutes

Review the Release Notes.