Snare Central

Built for Modern Security & Cost Control
Smarter Ingestion. Deeper Insight. Lower Cost.

Snare Central v8.7 redefines log management and SIEM integration with powerful new capabilities that streamline delivery, reduce ingestion costs, and empower organizations with more flexibility and visibility than ever before.

Now with native support for Azure Sentinel, Splunk, NetFlow, and more — plus cost-saving replay and a refreshed UI.

What’s New in Snare Central v8.7

Log Replay (Archive → Upstream Systems)

Builds on Snare’s compression and long-term retention strengths. Replay any archived data back to core systems for SOC/IR workflows when you need it most—without paying to keep it “hot”.

  • Run retrospective threat hunts in Splunk or Sentinel.
  • Satisfy audits by replaying only the relevant time windows.
  • Keep day-to-day ingestion lean; burst only when needed.

Cost-Optimized Integrations

Splunk HEC (Cloud & On-Prem):
Native HTTP/HTTPS delivery directly to Splunk via HEC for streamlined, supported ingestion—no relays or workarounds.

Microsoft Azure Sentinel (Log Analytics):
Native HTTPS delivery straight into Azure Log Analytics, the core store for Microsoft Sentinel. No relay required, with support for core Snare formats out-of-the-box.

Devo with mTLS:
Destination configuration now supports mutual TLS, including certificate and chain upload—ideal for forwarding Snare Agent logs to Devo Syslog ELB and other mTLS-capable endpoints.

Schema Remapping for 3rd-Party Compatibility

Map Snare data into the schemas that external tools expect.

  • Dynamic field & value remapping—admin- or customer-defined.
  • Starter templates included: Splunk CIM and Microsoft Sentinel.
  • Tightens integration, speeds onboarding, and ensures better search, dashboards, and detections.

New Reflector UI (Precision Routing, Less Friction)

Operate complex, multi-destination deployments with ease.

  • Custom destination names for instant context.
  • Dropdown filters by system and/or log type (no regex needed).

Regex remains available for power users.

Tighter Integrations with Strategic Partners

Securonix Syslog (New Format):
Snare now supports a Securonix-friendly log format that parses cleanly in the platform—bringing the full Snare value proposition to Securonix customers.

NetFlow v5 Collection, Reflection, and Storage:
Ingest, route, and retain NetFlow v5 for network-level visibility across widely supported vendor ecosystems.

  • Analyze traffic patterns, identify anomalies, and optimize performance.
  • A core requirement for Securonix partnership use cases—and now native in Snare.

Expanded Authentication & Access Controls

Microsoft Entra ID (SSO + MFA):
Centralize identity and harden access: enable SSO and MFA via Configuration Wizard Identity & Access Management Setup.

  • Reduce admin overhead, align with enterprise IAM standards.
  • Improve operator experience and compliance posture.

Continued Momentum in Observability

Agent Telemetry (Windows & Linux):
Snare Central now ingests and parses CPU, Disk, Memory, and Network Telemetry from Snare Agents, classified in Snare Archive as TelemetryLog type.

  • 34 new reports included for fast insights and baselining.

OCI VCN Flow Logs:
Native, active collection of Oracle Cloud Infrastructure (OCI) VCN Flow logs.

  • 1 new report provides immediate visibility into cloud network flows.

Integrates With Your Existing Security Tech Stack

Snare seamlessly integrates with any system that supports syslog, API-based ingestion, or secure log transfer.

How Snare Central v8.7 adds value to your team

CISO & Compliance

Keep more data, for longer, with audit-ready replay and identity controls that align to enterprise policy (SSO/MFA).

SOC & IR

Pivot freely. Pull long-tail data into your SIEM only when needed, accelerate hunts with clean schemas, and route to multiple destinations without friction.

SecOps Engineering

Standardize pipelines with HEC/Sentinel native delivery, mTLS, and schema remaps. Reduce custom code and brittle relays.

FinOps

Lower TCO by keeping bulk data in Snare and bursting analysis on-demand—pay for insight, not for idle storage.

The Snare Central v8.7 Advantage

  • SIEM Ingestion Cost Reduction: ✔ Native API/HEC delivery & data replay
  • Toolchain Flexibility: ✔ Vendor-agnostic log routing & replay
  • Data Normalization: ✔ Pre-mapped to ASIM & CIM schemas
  • Security Insight: ✔ Integrated log & NetFlow analysis
  • Ease of Use: ✔ Modern UI, drop-down filters, low config overhead

Industry Use Cases

Financial Services

Long-Term Compliance Storage Without SIEM Cost Overhead
A financial institution needs to keep five years of logs to meet regulatory requirements. Instead of paying continuous ingestion fees to its SIEM, the organisation archives all historical logs in Snare Central. When auditors request a review of a specific 18-month period, the SOC uses Log Replay to push only the relevant data back into Splunk for analysis—saving hundreds of thousands annually.

Global Enterprise

Multi-SIEM/Multi-Tool Environments
A global enterprise runs both Splunk and Azure Sentinel across different regions. Using Snare Central’s Reflector UI, logs from critical systems are routed to both platforms with contextual naming for each destination. Remapping ensures the data fits each SIEM’s schema, reducing engineering effort and enabling consistent dashboards.

Managed Security Service Provider

Observability for Hybrid Infrastructure
A managed service provider ingests telemetry data from Windows and Linux agents into Snare Central to monitor system health (CPU, Disk, Memory, Network). 34 built-in reports allow them to detect and address infrastructure anomalies proactively, while OCI VCN Flow logs extend visibility into their Oracle Cloud workloads.

Part of the Snare Suite

Snare Central is a core component of the Snare Security Suite, working in concert with:

  • Snare Agents – Secure, forensic-grade log collectors.
  • Snare Central – High-performance log aggregation and routing.
  • Snare Reflector – Intelligent log forwarding and transformation.

Your SIEM, Your Way

Snare Central v8.7 puts you in control of your data pipeline — optimize ingestion, reduce cost, and maintain flexibility across your entire security architecture.

Archive smarter. Investigate faster. Spend less.

Frequently Asked Questions

Keep bulk history in Snare’s compressed archive and only replay what’s needed to your SIEM for investigations or audits. You avoid paying continuous ingestion fees for cold data.

No. v8.7 supports native HTTPS delivery to Azure Log Analytics, the store behind Microsoft Sentinel.

Yes. Use Remapping with included templates (Splunk CIM & Microsoft Sentinel), or build your own for other platforms.

Regex is still supported. The new UI adds dropdown filters and custom names to simplify day-to-day routing.

No. Snare is SIEM-agnostic and integrates seamlessly with tools like Splunk, Microsoft Sentinel, IBM QRadar, Securonix, and more. It acts as a complementary layer that optimizes ingestion and storage, not a replacement.

mTLS is supported for destinations like Devo. For console access, enable Microsoft Entra ID SSO/MFA.

v8.7 adds NetFlow v5 (collect, reflect, store) and OCI VCN Flow logs, expanding both on-prem and cloud visibility.
