Snare for Windows is a Windows NT, Windows 2000, Windows XP, and Windows 2003 compatible service that interacts with the underlying Windows Eventlog subsystem to facilitate remote, real-time transfer of event log information. Snare for Windows also support 64 bit versions of Windows (X64 and IA64).

Snare for Windows Vista is a Windows 2008, Vista and Windows 7 compatible service that interacts with the underlying "Crimson" Eventlog subsystem to facilitate remote, real-time transfer of event log information. Snare for Windows Vista also support 64 bit versions of Windows (X64).

Event logs from the Security, Application and System logs, as well as the new DNS, File Replication Service, and Active Directory logs are supported. The supported version of the agent also accommodates custom Windows event logs. Log data is converted to text format, and delivered to a remote Snare Server, or to a remote Syslog server with configurable and dynamic facility and priority settings.

Snare is currently used by hundreds of thousands of individuals, and organisations worldwide. Snare for Windows and Windows Vista are used by many large Financial, Insurance, Healthcare, Defence, AeroSpace, and Intelligence organisations to meet elements of local and federal security requirements, such as: ACSI 33 GLBA (Gramm-Leach-Bliley Act) Sarbanes Oxley (SOX) C2 / CAPP DCID 6/3 DIAM 50-4 DDS-2600-5502-87 Chapter 4 NISPOM Chapter 8 HIPAA PCIDSS California Senate Bill 1386 USA Patriot Act Danish Standard DS-484:2005 British Standard BS7799

Snare for Windows and Windows Vista are free software (freeware), released under the terms of the GNU Public Licence (GPL).

Documentation for Snare for Windows and Windows Vista are available from our resources page.

Information on creating a custom MSI package for Snare for Windows and Windows Vista are also available here. The Snare MSI pack is available here (Dec 2008).

InterSect provides commercial support for Snare Agents and the Snare Server, but assistance is also available from the Snare Sourceforge Forum.

Snare for Windows downloads:

Snare installation package - Version 3.1.8 (Jun 2010)
Source code is available from the Snare sourceforge site.

Snare for Windows Vista downloads:

Snare Vista installation package - Version 1.1.5 (Jun 2010)
Source code is available from the Snare sourceforge site.

---

Like to keep up to date with Snare releases? Sourceforge offer an email notification service that will send you an email each time we release a new version of Snare. Click here to set this up.

---

Need to automatically install Snare on multiple systems?
The following tools will require some customisation for your organisation, but may provide you with a starting point. You may also wish to consider the 'MSI' package creation instructions. MSI packages can be installed remotely using SMS, and other Microsoft, and third party, utilities. The Snare MSI pack is available here (Dec 2008).

• RSnare - A Batch file that installs snare to the ADMIN$ share (Thanks to Steven Chase of Verizon Select Services!)
  
• SnareInstaller - an automated VBS script that performs similar functions to the RSnare batch file. The additional requirements are:
  
  • Browse List Filter - Helps to create a list of servers from the Master Browse List
    
  • regobji.exe - Available from the Mircosoft website, this file provides the necessary remote registry object used by the script
    
  • Support Tools - Available from the Mircosoft website (e.g. WindowsServer2003-KB892777-SupportTools-x86-ENU.exe), some of the support tools are required by the Browse List Filter
    
  • Read Me - Text file containing instructions on how to use the script
    
  PAD File