The Snare and Epilog agents, from InterSect Alliance, are considered
to be the de-facto industry standard for eventlog and audit log collection.
The agents are available in two different versions:
- The Snare and Epilog Enterprise Agents - The industry standard for capturing and filtering audit and event log data, in a supported package, and with an enterprise-level feature set, including guaranteed delivery, encryption, and custom event sources.
- Snare and Epilog: Open source editions - Audit and event log collection, with code available under the terms of the GNU Public License.
| Feature | Enterprise Edition | Open Source Edition |
| Guaranteed message delivery (TCP) |  | |
| Event log caching |  | |
| Encryption (with the Snare Server) |  | |
| Log message simulcasting |  | |
| Dynamic DNS support |  | |
| Centralized configuration management |  | |
| Custom Windows eventLog sources |  | |
| Vendor product support |  | |
| Easy to use installer |  |  |
| Filter for events of interest |  |  |
| Remote control interface |  |  |
| View local and network users and groups |  |  |
| View local Registry configuration |  |  |
| UDP and Syslog destination options |  |  |
| Non-GUI install option |  |  |
| Upgrade option to preserve existing configuration settings |  |  |
| Debug mode |  |  |
Snare Agent for Windows
Snare for Windows is a Windows NT, Windows 2000, Windows XP, and Windows 2003
compatible service that interacts with the underlying Windows Eventlog
subsystem to facilitate remote, real-time transfer of event log information.
Snare for Windows also supports 64-bit versions of Windows (X64 and IA64).
Snare for Windows Vista is a Windows 2008, Vista and Windows 7
compatible service that interacts with the underlying "Crimson" Eventlog
subsystem to facilitate remote, real-time transfer of event log information.
Snare for Windows Vista also supports 64-bit versions of Windows (X64).
These two agents have now been combined into a single installer with an
advanced silent install feature. Please see the documentation for details.
Event logs from the Security, Application and System logs, as well as the new
DNS, File Replication Service, and Active Directory logs are supported.
The supported version of the agent also accommodates custom Windows event logs.
Log data is converted to text format, and delivered to a remote Snare Server,
or to a remote Syslog server with configurable and dynamic facility and priority settings.
Snare is currently used by hundreds of thousands of individuals
and organisations worldwide. Snare for Windows is used by many large Financial,
Insurance, Healthcare, Defence, AeroSpace, and Intelligence organisations to
meet elements of local and federal security requirements, such as:
- ACSI 33
- GLBA (Gramm-Leach-Bliley Act)
- Sarbanes Oxley (SOX)
- C2 / CAPP
- DCID 6/3
- DIAM 50-4
- DDS-2600-5502-87 Chapter 4
- NISPOM Chapter 8
- HIPAA
- PCI DSS
- California Senate Bill 1386
- USA Patriot Act
- Danish Standard DS-484:2005
- British Standard BS7799
The Snare for Windows agent is available in two different versions:
- Enterprise Agents - The industry standard for capturing and filtering audit and event log data, in a supported package, and with an enterprise-level feature set including guaranteed delivery, encryption, and custom event sources. Please visit the InterSect Alliance contact page for more information.
- Open Source Edition - Audit and eventlog collection, released under the terms of the GNU Public Licence (GPL).
[Screenshots: Network Configuration, Remote Configuration, Event Details, Objective Configuration, Objective Add]
Documentation for Snare for Windows, including the built in silent install feature, is available from our resources page.
Information on creating a custom MSI package for Snare for Windows is also available here. The Snare MSI pack is available here (Sep 2010).
InterSect provides commercial support for Snare Agents and the Snare Server, but assistance is also available from the Snare Sourceforge Forum.
Snare for Windows downloads:
Like to keep up to date with Snare releases? Sourceforge offer an email notification service that will send you an email each time we release a new version of Snare. Log in to sourceforge using an existing OpenID compatible account, then jump to the Snare tracker page, and hit the 'Monitor' button, to set this up.
Need to automatically install Snare on multiple systems?
The following tools will require some customisation for your organisation, but may provide you with a starting point. You may also wish to consider the 'MSI' package creation instructions. MSI packages can be installed remotely using SMS, and other Microsoft, and third party, utilities. The Snare MSI pack is available here (Sep 2010).
- RSnare - A batch file that installs Snare to the ADMIN$ share (Thanks to Steven Chase of Verizon Select Services!)
- SnareInstaller - An automated VBS script that performs similar functions to the RSnare batch file. The additional requirements are:
  - Browse List Filter - Helps to create a list of servers from the Master Browse List
  - regobji.exe - Available from the Microsoft website, this file provides the necessary remote registry object used by the script
  - Support Tools - Available from the Microsoft website (e.g. WindowsServer2003-KB892777-SupportTools-x86-ENU.exe), some of the support tools are required by the Browse List Filter
  - Read Me - Text file containing instructions on how to use the script
Snare Server
With its origins in open source software, the Snare Server from InterSect Alliance provides a central collection, analysis, reporting and archival tool for a very wide variety of log formats.