Request Pricing

Centralized Log Management

Store and manage logs from one central, flexible, and easy-to-use platform.

Snare Centralized Log Management (CLM) is the global standard in flexible, central log management and the log collection platform of choice for the Fortune 2000 and leading MSSPs worldwide.

With Snare CLM, you have total control of your logs, allowing you to collect any log from anywhere while managing what data goes where and to how many places. Snare CLM is responsible for archiving logs, remotely managing agents, routing logs to multiple destinations including MSSPs, SOCs and other third party solutions as well as Snare applications.

Contact Snare’s Team Request a Quote

Snare is Trusted by 4,000+ Customers Worldwide

Snare Central Cloud Logs

Why Centralized Log Management Is Critical Right Now

Network log records play an extremely important role in cyber security and log management is a critical part of a well-managed and secure cyber infrastructure. A central log management solution helps in the detection of advanced persistent threats (APT), and anomalous activity both real-time as well as reactively during or following an incident-response event.

With Snare CLM, your security team can:

Manage all of your network logs in a central location
Collect any logs from anywhere
Filter out event and log noise
Customize what data goes where
Simplify log analysis and correlation tasks
Securely store your log data at a 50:1 compression rate (saving on storage costs)
Reduce SIEM ingestion costs by only sending the log data you need

Snare Centralized Log Management (CLM)

Snare is the global standard in flexible, centralized log management.
Snare’s central log management solutions are currently in use by over 4,000 enterprise customers worldwide.

Snare Enterprise Agents
The industry’s best for Windows, Linux, Unix, macOS, Epilog, etc. – including FIM, RIM, FAM, RAM, and USB solutions.
Windows Agents Veracode Verified. No Java or .NET required

Automated, Real Time Alerting
Alert your security team in real-time to anomalous activities inside the network. This enables faster speed-to-detection and enhanced threat hunting capabilities.

Unlimited, Pristine Data Storage
Snare’s unlimited, pristine log data storage helps keep your company compliant with mandates that require organizations to maintain logs for as long as 7 years.

24x7x365 Support
We have customers all over the globe and on every continent, so we are here to support you whenever you need it.

Snare MS SQL Agent for Database Activity Monitoring (with data masking)
Monitor corporate databases with the Snare MSSQL Agent to support Separation of Duty (SOD). Reduce the risk of data leakage and/or your PCI DSS scope with integrated data masking for sensitive data (PII, Credit Card numbers, SSN, etc.)

Snare Management Center
A centralized management view of multiple Snare Central systems, eliminating the need to visit each system on-site.

Snare Collector / Parser
Leveraging the intelligence of our security product to identify and parse critical event components.

Snare Reports

A complete pack of out-of-the-box logging reports that can be configured and scheduled for delivery to critical team
members daily/weekly/monthly/quarterly to meet your needs.

Snare Compliance Packs
Out-of-the-box reports for PCI DSS, HIPAA, SOX, and others.

Cloud Log Collection & Reporting
Cloud-based log management and reports to support cloud or hybrid environments

Snare Live Dashboards
Real-time, visual thresholds, live data monitoring, and graphical summary reports.

Fixed Cost Plans
Snare’s predictable pricing helps with budgeting and scaling predictably.

Snare Central

The complete Centralized Log Management suite by Snare

Snare Central version 8.5 introduces several updates designed and developed to dramatically improve threat hunting speed and investigation capabilities, maximizing the effectiveness of the SOC.

The latest version of Snare Central features:

Snare Management Center (SMC) – A centralized management view of multiple Snare Central systems, eliminating the need to visit each system on-site.
Enhanced automated alerting to improve threat hunting speed
New log types to expand coverage and enhance investigation capabilities
Cloud-based log management and reports to support cloud or hybrid environments

Try Snare for Free Request a Snare Demo Learn More about Snare Central 8.3

Snare Centralized Log Management Server

Store and manage logs

Snare Central is the only solution that gives you total control of your logs, allowing you to collect any log from anywhere while managing what data goes where and to how many places. Snare Central is responsible for archiving logs, remotely managing agents, routing logs to multiple destinations including MSSPs, SOCs and other 3rd party solutions as well as Snare applications.

A Snare Central server can help with the ability to store and manage logs:

Alerts & Thresholds for alerts to focus on possible IoC events
Store events on local storage with your automatic retention rules applied
Up to 50:1 compression facilitates long-term historical forensic storage of security picture
Report generation and scheduled distribution
Health checker “Heartbeat”
Real-time dashboards

Snare_CLM_Centralized-Log-Management_Server

Snare_Centralized-Log-Management_CLM

Schedule a Meeting with Snare & SPOC Request a Snare Demo

Snare Collector / Parser

Ingest Logs from Anywhere

Once logged, data needs to be normalized in order to analyze it. Unstructured data means additional work sifting through noise rather than spending time on intelligence. With the Snare Collector/Parser, you can ingest logs from a variety of places and formats, translate data into a standard format, have log data in a format that can be intelligently sent in “formats” desired, eliminate data lock-in, and the ability to enrich data through tagging.

The Snare Collector / Parser enables you to ingest logs from anywhere and normalize data from disparate systems and formats:

Server and Desktop Systems
Network Devices (firewalls, routers, switches, any syslog source)
IIS, Apache, and other “flat file” sources

Snare Reflector

Flexible Data Handling

Collecting and analyzing logging information from across disparate systems can be complex. The Snare Reflector can cache, filter, and forward logs to centralized systems regardless of their format or final destination. The Snare Reflector is used to unify disparate systems from SIEMs to log management platforms, implementing enterprise logging architecture, and tuning data (and log) flow with unmatched precision.

The Reflector can send data in real-time to one or more destinations, using UDP or TCP with TLS encryption enabled. We send logs in any of major formats including both syslog types 3164 and 5424.

With the Snare Reflector, you will be able to:

Send only high priority logs to analysis engine(s)
Divert holistic overview logs to long-term local storage
Data masking (PCI DSS data, PII data, Credit Card #’s, SSN, etc.) limiting and reducing risk
Provide an application-level secure tunnel for events (e.g., receive syslog, transport over TLS, then convert back to syslog on the other end) increasing your security
Multi-tier – Complex environments are handled with ease (Multiple SIEMS, SOC, Data lake, etc…
Consolidate, correlate, send to concurrent stakeholders throughout the business
Feed multiple destinations at once, while tailoring what is sent

Snare_CLM_Page_Reflector

Get in Touch with Sales Request a Snare Demo

Snare_CLM_Page_Centralized-Log-Management_Asset-Management

Asset Management Console

Know what you have and that it is connected and reporting

With Snare’s Asset Management Console (AMC/SAM), you will be able to know that your agents are connected and reporting. The AMC/SAM enables your team to centrally configure endpoint policies, easily and quickly upgrade 100,000’s of agents on endpoints from a central console, and leverage simple & clear updates to ensure all agents and associated policies are current.

Snare’s full Asset Management Console includes full AMC/SAM for managing agents on endpoints:

Manage agent configurations for endpoints
Centralized Configuration of endpoint policies
Tailor policies by groups (Geographic Location, Dept., by IP addresses or types of agents)
Perform asset agent upgrades centrally (SAM) – (currently for Windows Enterprise and Windows Desktop agents)

Talk to a Technical Expert Request a Snare Demo

Report Pack

Easily pull reports for compliance

Managing and, importantly, analyzing, log data is crucial to staying in front of evolving regulations regardless of what industry you operate in. Event logging and forensic analysis make it easy to comply with these regulations. If an incident occurs, being able to pinpoint exactly what happened is essential to be able to prevent a similar incident from occurring again in the future. A full accounting of what happened may also be required by the relevant authorities.

With Snare CLM, you have access to a report pack for one of the following Security & Compliance Reporting needs:

PCI DSS
SOX
HIPAA*
ISO 27001*
Database Activity Monitoring*
MITRE ATT&CK (full mapping across the entire framework)
FISMA*
PIPEDA*

Snare_CLM_Page_Logging-Compliance-Reporting

Learn More About Snare Logging Compliance

“I tend to use Snare when customers have a lot of end points, 1,000 or more though particularly over 10K windows end points and they know they want to monitor each and every one of them. I know Snare will report in every time, all the time, even in large scale environments. Snare is well documented and easy to install. Snare also does encryption from the agent to the QRadar host, which is very important for most organizations, though in particular federal customers.”

Peter "S14" Szczepankiewicz, IBM

Get the CLM Offer Details

How Snare CLM Enhances Your Cyber Security Capabilities

File Integrity Monitoring (FIM)
Many regulations require the addition of a checksum to detecting file changes, and file permission changes, such as PCI DSS that require the change detection tools be run at least weekly.

File Activity Monitoring (FAM)
Find out who is doing what to your files and when. Who opens, reads, deletes them, and are they supposed to? A critical component to most compliance policies such as PCI DSS, HIPAA, FISMA, ISO27001, NIST, etc.

Multi Destination
Unlimited destinations for logs being sent with different ports, protocols, and formats for each destination. Get the right data, to the right people, at the right time.

Registry Integrity Monitoring (RIM)
Similar to FIM, performing a checksum and tracking the permission changes on the registry is important for identifying changes to key parts of the windows configuration and applications.

Registry Activity Monitoring (RAM)
Most applications maintain their configuration in the registry on Windows platforms. Being able to detect unauthorized changes to an application from changing key registry values is an important forensic tool in determining if the change resulted in unauthorized application activity.

Enterprise Grade
Heartbeats, self-audit, audit policy, data enrichment, data masking, and EPS controls. Windows Agents Veracode Verified. No Java or .NET required.

Database Activity Monitoring (DAM)
Effectively monitor SQL activity within a single database or an entire instance that covers multiple databases.

USB Drives
Tracking removable media and its usage on systems is important for data exfiltration and potential sources of malware and other malicious activity. It is important to track the device activity and if the media was something like a thumb drive or Rubber Ducky device that can be used to steal data or write malware/exploit at 3,000 characters a second and then execute it on the system as the user that is logged-in on the system.

24x7x365 Support
We have customers all over the globe an on every continent, so get support when you need it with our global support.