Snare. The world standard for effectively gathering and filtering IT-event data for critical security monitoring, analysis, auditing and archiving.
Want to do something useful with your collected event log data? Want your data to be easily analysed within a web browser? With interactive reports, queries, alerts and objectives the Snare Server is what your business needs.
The Snare Server is a Security Event and Information Management Solution, developed in the security labs of the defense industry, that provides robust audit event collection, analysis, reporting and archival capabilities of IT security log data. It can collect from a variety of operating systems, services and applications and can receive event log data directly from Snare Enterprise Agents, Snare Epilog files (ascii text log file), syslog network devices such as routers, switches, firewalls and authentication servers.
While the Snare Server offers the facilities and features required by the most demanding IT environments, it is also a cost-effective solution. With its TCO (total cost of ownership) providing substantial economic value in terms of:
- Cost to license.
- Cost to install.
- Cost to maintain.
- Cost to run.
- Cost to retain data.
To find out more, you can download our product summary videos, view our quick screen shot static demonstration or log into an online demonstration.
But in summary, let’s just note a random selection of some of the key overall Snare Server facilities.
- Tailored Objectives: Ability to add, modify or remove specific clonable objectives that have their own configurations, access controls, and distribution settings. Over 100 different reports including administrative security, sensitive file monitoring and user login activity.
- User/Group Administration: The Snare Server offers you the ability to restrict particular capabilities and reports to particular Snare Server users. It also allows integration with Active Directory for user authentication.
- Email Reporting: Snare includes the ability to automatically email regular or adhoc reports to a list of users, at identified intervals (eg: daily, weekly, monthly). This provides security administrators with the capability to facilitate access to Snare reports, without providing a login to the Snare Server.
- Configuration Checking: Snare can collect, view, and report on configuration related data reported by the various Snare Agents. Examples include User and Group information, or Lotus Notes Access Controls.
- Agent Management Console: Ability to manage the Snare Agents configuration through the Snare Server interface. Agents also have the ability to filter events at the front-end, reducing the load on your network, and local disk via their custom objective settings.
- Network Device Reporting: Snare can collect from a variety of Network devices that supports syslog. This includes all common enterprise Firewalls, Routers and Switches.
- Click-Through Detailed Analysis of Logging Data: Users can drill through for more information in each objective to view more details on the data.
- IOS Access Controls: IOS Access Controls can be checked against an authorized copy. Differences are visually highlighted.
- CISCO Pix/ASA Firewall Reporting: CISCO Pix/ASA Firewalls, CISCO Routers, and other similar devices that use IOS, can report to the Snare Server.
- Reflector technology allows collected events to be sent in real time to muliple destinations, such as failover/backup Snare Server or 3rd party collection system.
- Compliance reporting. The Snare Server comes with many template objective reports to assist businesses with their compliance with PCI DSS, SOX, HIPPA and other standards. These can be customised to suit the local reporting needs.
Event and Log Sources
The Snare Server provides a centralized logging collection, analysis, reporting and archival capability for a variety of operating systems, appliances, and servers, including:
- Windows: Using Snare Enterprise Agent for Windows for XP, 7, 8, 2003, 2008/R2, 2012/R2
- MSSQL: Using Snare Enterprise Agent for MSSQL to collect from Sql Server 2000, 2005, 2008, 2012 (2014 coming soon)
- Linux: Using Snare Enterprise Agent for Linux including Redhat 5, 6, SLED 10,11, Ubuntu and Debian
- Solaris: Using Snare Enterprise Agent for Solaris including Solaris 9, 10 (Solaris 11 coming soon)
- OSX: Using Snare Enterprise Agent for OSX including OSX 10.7 (Lion), OSX 10.8 (Snow Lion), OSX 10.9 (Mavericks)
- Ascii text log files: Using Snare Enterprise Epilog for Windows and Snare Enterprise Epilog for Unix
- and a variety of Syslog sources as indicated by the list below.
Templated access and reports for the following systems:
CISCO Routers / IOS
CISCO 6500 Firewall
CISCO Pix/ASA Firewall
CheckPoint Firewall 1
Nortel VPN devices
Microsoft ISA Server
Microsoft IIS Server
Microsoft FTP Server
Microsoft Exchange Server
Microsoft Chat Server
Point of Sale terminals (POS)
IBM Socks Server
Universal Log Format
Generic Syslog Data from any other syslog device
Click on a screenshot to expand the image. For more detailed information, please look at the Snare Server Demonstration, or feel free to Contact Us with any questions.