The latest version of Snare features a new GUI with new dashboards and functionality

This next phase in Snare Central development has been geared toward significantly enhancing the end user experience, aiming to bring better insights at-a-glance and more details in fewer clicks. While the aesthetic enhancements will be obvious, Snare has added significant functionality to those dashboards using threshold color changes and easy data filtering and drillthrough capabilities.

Longtime users of Snare will notice the difference right away once logged in. Let’s take a quick look at the new dashboard when you log in.

Right away you’ll see these six components.

  1. Health Statuses
  2. Snare Agent Management Health Statuses
  3. Historical Log Collection Over Time
  4. Collection and Reflection Statuses
  5. Total Events – Plotted on a Heat Map
  6. Events Per Second (EPS) Over Time

You can also find Live Events graphed as well as your Scheduled Report Statuses if you scroll down further. Not only that, you can flip the charts for more insight, like flipping the EPS chart to show Bytes Per Second over time.

 

You can also easily toggle between chart types, right there on your dashboard, before drilling through to the underlying data if further investigation is warranted.

 

When it comes to GUIs and the power of data visualization, it always helps to see it in action. Snare Central customers can download this latest version in SLDM, but whether you’re a current customer or just shopping around, why don’t you request a consultation with one of our senior solution engineers? They’d love to show you everything new in Central 8.2!

For more information you can check out the page on Snare Central and also download the datasheet.

Version 7.2 of Snare Server is available and includes the product name change from Snare Server to Snare Central, and the following features:

  • The Snare Agent Manager (SAM) has been integrated directly into the Snare Central Server, and provides centralized license management capabilities. The SAM may be accessed via the menu: Agent Management | Snare Agent Manager. Customers no longer need to maintain a separate standalone Windows-based SAM installation in order to manage Snare agent licensing.  Review User Information
  • In order to comply with the Security Technical Implementation Guide (STIG) recommendations for the Unix operating system (https://www.stigviewer.com/stig/unix_srg/), Snare Central now includes the Snare Linux Agent. Review User Information
  • A new graphical user interface and disk manager utility, called Disk Manager, has been created to make it easier for customers to manage their storage resources. Users of this interface can shift space between disk partitions (new 7.2 installs only), add new unallocated disk space to existing partitions (new 7.2 installs only), and also take advantage of the ‘overlayfs’ feature of 7.2, to layer other formatted disk partitions, NAS shares, or external media, over some existing Snare Central paths. The layering capability will enable, for example, backups that have been created with the Data Backup utility that are stored on optical or USB media, to be superimposed over the existing “Snare Archive” event storage location; this means there is no need to restore a data backup to have access to archived data. Review User Information
  • A historical record of Snare Central reports in PDF format can be saved and made available via an SMB share. Review User Information
  • Snare Central now provides an updated access control management interface, which supports both user and group authentication and access control from locally defined users/groups and also users/groups from an LDAP/AD server.  Review User Information
  • The Snare Collector/Reflector dashboard includes additional statistics regarding cache and events. Review User Information
  • Additional objectives have been added to the Snare Central server specifically to detect security incidents on Windows servers and workstations discussed in the SANS white paper at https://www.sans.org/reading-room/whitepapers/logging/detecting-security-incidents-windows-workstation-event-logs-34262. The new objectives cover administrative activity, file and resource access and process monitoring.
  • A new agent information objective in Status | Collection Status-Agent Information provides a simple overview of the systems that have sent event data to Snare Central over the course of a configurable number of days.
  • The Snare Central ISO image can now be written to a USB stick in order to install on physical or virtual hardware.

Further Information

This video provides an outline of the new features in version 7.2.
Version 7.2 Feature Overview
Presented by Steve Challans
Time: 12.27 minutes

Review the Release Notes.

Interested in an agent capable of processing the Windows Forwarded Events log and formatting the logs so they appear to come from the original host? Look no further!

The Snare Enterprise Agent for Windows for WEC is a new agent with the same features and functions as the Snare Enterprise Agent for Windows but also will allow event logs collected by the Windows operating system on Microsoft WEC configured systems, only to be forwarded to a remote audit event collection facility or SIEM, such as Snare Central.  It is only licensed to run on server versions of the Microsoft Windows platforms.

The Snare WEC agent has a modified objective that includes an additional checkbox to collect from the Windows ‘Forwarded Events’ custom event log, which is used to collect logs using the Microsoft event log subscription process and uses WinRM to poll the remote hosts to collect the event logs.

Further Information

  • A short video on Snare WEC agent and Windows Event Forwarding.

Available from version 5.0.2. For further information, contact your Snare Sales representative for an evaluation license.