Snare Agent v5.10 – What's New!

Simplify SOC operations for MSSPs & global enterprises
CENTRALIZE. STANDARDIZE. SCALE

Snare’s latest release streamlines multilingual log analysis, accelerates estate-wide policy management, and deepens integrations with leading SIEM and analytics platforms—so your SOC can move faster with less effort and lower cost.

Key outcomes:

Faster investigations | Lower SIEM ingestion costs | Consistent rules & dashboards | Easier deployment & governance

New Release Snare Agent v5.10

Why this release matters!

One language for global SOCs

Translate Windows audit data back to English while devices remain in local languages—standardize detections, alerts, and dashboards across regions.

Less time in the console

Default templates, bulk actions, and expanded remote policy controls cut repetitive admin across large estates.

Tighter partner workflows

Purpose-built routing for Securonix & Devo (plus Splunk and others) speeds parser rollout and improves table-level targeting.

Broader visibility

New Linux telemetry gives your SOC operational context (CPU, disk, memory, network) to correlate performance and security signals.

What’s new at a glance

Multilingual SOC, unified analysis

Log Translation (Windows audit → English)

  • Keep endpoints in local languages; normalize analysis in English for rule consistency and global dashboards.
  • Ideal for MSSPs and dispersed enterprises needing one playbook worldwide.

Easier, safer estate management in SAM

  • LDAP authentication (SAM v2.2.0): Use third-party/enterprise LDAP for centralized access control and user tracking.
  • Default templates for configuration groups: Build and manage policies directly in SAM—no more “master agent” dependency.
  • Unmanage agents: Move agents to the “Unmanaged” group to revert to local control when needed (e.g., break-glass or special cases).
  • Expanded remote policy management: Centralize configuration for network destinations, FIM, RIM, and Linux audit policies.
  • Bulk tagging: Speed up grouping, filtering, and actions across large estates.
  • Agent import/export (UI): Move configs in/out of isolated networks without complexity.

Deeper integrations with strategic partners

  • Policy-to-Destination routing: Precisely route log data to third-party systems using port-based parsing—built for Securonix and Devo, and supports Splunk and others.
  • Devo tagging updates: Custom tags now map directly to Devo tables without code changes for faster parser rollouts and higher ingest throughput.
  • macOS audit logs now use box.audit.macos.event for direct table ingestion and correct parsing in Devo.

More context, more coverage

  • Linux telemetry (Agent v5.10): Collect CPU, Disk, Memory, and Network metrics—operational context that strengthens threat hunting and incident analysis.
  • OS coverage update: Added support for macOS 15 Sequoia.

Outcomes you can measure

Consistent detections & hunts

One language standard across international estates.

Lower SIEM complexity & cost

Targeted routing, cleaner tagging, and policy centralization reduce noise and ingestion waste.

Faster time-to-value

Templates, bulk actions, and remote policy changes shrink deployment and change windows.

Operational resilience

Linux telemetry and unified policy control improve MTTR and post-incident forensics.

Key Features


Log Translation (Windows → English)

  • Centralize analytics in English while preserving local OS language.
  • Improves rule reusability, SOC collaboration, and dashboard consistency.

LDAP authentication (SAM)

  • Use existing directory policies for SAM logins.
  • Track and audit access by user/group.

Default templates for config groups

  • Eliminate the “master agent” pattern.
  • Stand up new groups faster; reduce configuration drift.

Unmanage agents

  • Gracefully revert to local control for exceptional workflows.
  • Maintain flexibility without sacrificing governance.

Expanded remote policy management

  • Centrally update network destinations, FIM, RIM, Linux audit policies.
  • Reduce site visits and manual touchpoints.

Bulk tagging

  • Tag, group, and action at scale.
  • Powerful for MSSPs managing multi-tenant estates.

Agent import/export (UI)

  • Move configurations securely across isolated/air-gapped networks.
  • Simplifies audits and disaster recovery preparation.

Policy-to-destination routing

  • Optimized for Securonix and Devo; supports Splunk and more.
  • Ensures correct port-based parsing and cleaner downstream pipelines.

Devo tagging updates

  • Direct-to-table custom tags, no code changes required.
  • macOS audit logs → box.audit.macos.event for immediate, accurate parsing.

Linux telemetry (CPU, Disk, Memory, Network)

  • Adds operational context to security data for faster root-cause analysis.
  • Better correlations = fewer blind spots.

OS support update

  • macOS 15 Sequoia added.

USE CASES

MSSPs: standardize global service delivery

  • Challenge: Multi-region clients with mixed languages and policies create alert inconsistency and rule sprawl.
  • Snare v5.10 + SAM v2.2.0: Windows audit Log Translation to English + templates and bulk tagging = one standard across tenants.
  • Result: Lower ops overhead, faster rule deployment, consistent reporting, and happier customers.

Global enterprises: accelerate policy changes at scale

  • Challenge: Complex estates, slow change control, inconsistent agent configurations.
  • Snare: Expanded remote policy controls, template-driven groups, and import/export for air-gapped networks.
  • Result: Rapid, auditable changes with less risk and fewer hands on keyboards.

SIEM optimization: reduce costs, speed parsing

  • Challenge: Noisy, poorly tagged data inflates ingestion and slows detection.
  • Snare: Policy-to-destination routing + Devo-ready tagging (including box.audit.macos.event) sends the right data to the right place.
  • Result: Cleaner pipelines, faster parser delivery, improved dashboard fidelity, and lower SIEM bills.

Try Snare Agent Today

Whether you’re modernizing your SIEM, tightening compliance, or just need bulletproof log collection — Snare Agent delivers. Built for enterprise scale, trusted in defence, financial services, healthcare, and government.

  • Get a Free Trial
  • Request a Security Briefing
  • Download the Product Datasheet

Need help integrating Snare into your environment? Our experts are here to assist.

Part of the Snare Suite

Snare Agent Manager is a core component of the Snare Security Suite, working in concert with:

FAQs

Telemetry is lightweight and configurable. You can tune or scope metrics collection per policy and estate needs.

In most cases, no re-install is required—updates are delivered via standard upgrade paths. Templates and translation are policy-driven features managed via SAM.

Snare integrates with leading platforms including Securonix, Devo, Splunk, and others via policy-to-destination routing and standards-based protocols.

Yes. Move agents to the Unmanaged group to restore local policy control while keeping visibility in SAM.

SAM can delegate auth to your directory (LDAP), so you can apply enterprise identity and access policies consistently.

Check the Release Notes and EOL Notices for platform support timelines and planning guidance.