InterSect [InterSect Swish]
Search Our Site
  Enter Search Terms
News
Snare for Windows - Snare for Windows Version 3.0.0 is now available. This new version fixes some bugs noticed on some Windows OS versions.
NISPOM and PCI An appendix to the Snare Server User's Guide now contains guidance on how to comply with NISPOM and PCI Data Security Standard
Snare Server Version 4.1 is now available. This new version includes a single CD installation for all packages and the OS.
Stats on the agent downloads and visits to our web server are avialble from Statistics.
Snare for Solaris Snare Agent for Solaris
Snare for Solaris provides front end filtering, remote control, and remote distribution for Solaris audit data, interfacing with the underlying Sun "Basic Security Module".

Snare for Solaris can be used as a standalone auditing tool, or can send data to the Snare Server for analysis and storage.

Snare replaces the normal Solaris C2 Audit collection and reporting subsystem, minimising client resource utilisation, and administrative overhead.

The Solaris BSM C2 Audit Subsystem allows users to record operating system events to a local or NFS mounted filesystem. Details on this functionality can be found from the Snare for Solaris documentation, available from our 'Resources' page.

The Solaris C2 audit daemon writes binary event data to the local file system, utilising local workstation/server disk resources for temporary storage, and administrator resources to facilitate the conversion of binary audit data to a usable text format suitable for incident analysis. In cases where events have been selected that produce a large volume of audit information (for example file "open" events), hundreds of megabytes, or even gigabytes, need to be allocated for storage on the client machine. This process utilises significant system and administrator resources that are often more appropriately allocated to the normal operational tasks that the workstation or server performs.

On a large network of Solaris servers and workstations, the management overhead can quickly become onerous, particularly when audit log data needs to be transferred to a central server for consolidation, analysis and archive.

InterSect Alliance have developed software that interfaces with the Solaris auditsvc() system call to convert audit events to text format, then send the converted data back to a central location over the network (via UDP) in real-time, allowing security administrators to implement a centralised audit collection, analysis and archive facility with minimal audit client resource utilisation.

Snare is currently used by hundreds of thousands of individuals, and organisations worldwide. Snare for Solaris is used by many large Financial, Insurance, Healthcare, Defence, AeroSpace, and Intelligence organisations to meet elements of local and federal security requirements, such as:
  • ACSI 33
  • GLBA (Gramm-Leach-Bliley Act)
  • Sarbanes Oxley (SOX)
  • C2 / CAPP
  • DCID 6/3
  • DIAM 50-4
  • DDS-2600-5502-87 Chapter 4
  • NISPOM Chapter 8
  • HIPAA
  • PCIDSS
  • California Senate Bill 1386
  • USA Patriot Act
  • Danish Standard DS-484:2005
  • British Standard BS7799

Snare for Solaris (formally known as BackLog for Solaris) is available under the terms of the GNU Public Licence.



Screen Shots


SNARE GUI - Main Window

SNARE GUI - Audit Configuration

SNARE GUI - Objective Configuration

SNARE GUI - Event Details

SNARE Micro-Web server - Remote Control Configuration

Documentation

Documentation for Snare for Solaris is available from our resources page

The Sourceforge development website shows support for the open source development community by providing SNARE with a home away from home, and Snare support forums.
SourceForge.net Logo
Download

Snare for Solaris downloads:
Note: Snare for Solaris 2.5.2 has a small bug in the installation process whereby trying to 'preserve' your existing snare configuration file, will throw you into an endless loop. For the moment, rather than choosing the 'preserve' option, use the following procedure:
# cp /etc/security/snare.conf /etc/security/snare.conf.bak
Run the Snare installer, and choose any option other than 'Preserve my existing snare configuration'.
Once installation is complete:
# cp /etc/security/snare.conf.bak /etc/security/snare.conf
# /etc/init.d/snare restart
Like to keep up to date with Snare releases? Sourceforge offer an email notification service that will send you an email each time we release a new version of Snare. Click here to set this up.

Snare Server
The Snare Server builds on the success of our Open Source audit & event log agents. When used in combination, our Snare agents, and Server provide a robust and effective resource for event log management.

Snare Server Snort Report
This link will take you to a small report exported from our Snare Server, that shows attacks against our website
Copyright (c) 1999-2007 InterSect Alliance Pty Ltd