News
Snare for Windows - Snare for Windows Version 3.0.0 is now available. This new version fixes some bugs noticed on some Windows OS versions.
NISPOM and PCI - An appendix to the Snare Server User's Guide now contains guidance on how to comply with NISPOM and the PCI Data Security Standard.
Snare Server Version 4.1 is now available. This new version includes a single CD installation for all packages and the OS.
Stats on the agent downloads and visits to our web server are available from Statistics.

The Snare Server is capable of importing a variety of ACF2 audit log files, including the following auditing resources:

  • ACFRPTLL
    1ACF2 UTILITY LIBRARY - ACFRPTLL - LOGONID MODIFICATION LOG - PAGE    1
     DATE 06/04/04 (04.097) TIME 11.04
          DATE    TIME  LOGONID  JOBNAME  CHANGER  CHANGE   CPU       USING
         FIELD       OLD VALUE                NEW VALUE
    
     04.035 04/02 07.24 ABCCOLL  MHUDABCX MHUDABCX CHANGE   DEVT
         ACC-CNT      00585                    00586
         ACC-DATE     04/02/04                 04/02/04
         ACC-SRCE     CCV197S                  VIEWAPPL
         ACC-TIME     07.24                    07.24
    

  • ACFRPTRL
    1ACF2 UTILITY LIBRARY - ACFRPTRL - RULE MODIFICATION LOG - PAGE    1
     DATE 04/06/04 (04.156) TIME 13.16
    
          DATE    TIME  RULE-ID  JOBNAME  CHANGER  CHANGE   CPU
    
     04.124 03/05 16.26 APP      ZABCX    ZABCX    BFORREPL DEVT
    
     ACF75052 ACCESS   RULE APP STORED BY ZABCXX ON 23/03/04-15:08
     $KEY(APP)
     $OWNER(OPERATIONS)
      MYDSNAME.PARAGRPH UID(BH  ****X) READ(A) EXEC(A)
      MYDSNAME.PARAGRPH UID(PE  SSSS'P) READ(A) WRITE(L) EXEC(A)
      MYDSNAME.PARAGRPH UID(ZZN KKKKX) READ(A) EXEC(A)
      MYDSNAME.PARAGRPH UID(SYO ****ZZZC) READ(A) WRITE(L) EXEC(A)
      APN.- UID(SPC PACACVALEC) UNTIL(18/09/04) READ(A) EXEC(A)
      APNB.- UID(SPC PACACVALEC) UNTIL(18/09/04) READ(A) EXEC(A)
      APPBRCA.BYPASS.CARDS UID(ABC SMS C) READ(A) WRITE(A) EXEC(A)
      APPBRCA.BYPASS.CARDS UID(NSW ADV N) READ(A) WRITE(A) EXEC(A)
    

  • ACFRPTDS
    1ACF2 UTILITY LIBRARY - ACFRPTDS DATASET ACCESS JOURNAL         - PAGE    1
     DATE 04/06/04 (04.156) TIME 13.16
    
     PTFSSSSS 04.155 03/06 00.05 DATASET  LOGGING                     RKEY=ABCPRD
     CTFPFWFT VOL=STRG95 DDN=         DSN=ABC.PRD.FWSTATS
     DUMPSTAT VOL=       PGM=IEFSD060 LIB=SSSS.LINKLIB
     JOB12025 ALLOC  ALLOC   RULELOG  NAM=TECHNICAL FACILITIES
     PROD SAF SRC=STCINRDR            UID=TF  SSSS'PTFSSSSS
    

  • ACFRPTEL
    1ACF2 UTILITY LIBRARY - ACFRPTEL - INFORMATION STORAGE UPDATE LOG - PAGE    1
     DATE 04/06/04 (04.156) TIME 13.16
    
         DATE     TIME  JNAME    LID      MODULE   FUNCTION CPU  C-TYP-NAME
    
     04.155 03/06 11:07 ZXXXX    ZXXXX    ACF60STO REPLACE  DEVT R-ATR-*LTTIQ
     04.155 03/06 11:07 ZXXXX    ZXXXX    ACF60STO REPLACE  DEVT R-ATR-*LTTSM
     04.155 03/06 11:07 ZXXXX    ZXXXX    ACF60STO REPLACE  DEVT R-ATR-QLTTDG
     04.155 03/06 11:07 ZXXXX    ZXXXX    ACF60STO REPLACE  DEVT R-ATR-QLTTDP
     04.155 03/06 11:07 ZXXXX    ZXXXX    ACF60STO REPLACE  DEVT R-ATR-QLTTGP
    

  • ACFRPTRV
    1ACF2 UTILITY LIBRARY - ACFRPTRV - GENERALIZED RESOURCE LOG - PAGE    1
     DATE 04/06/04 (04.156) TIME 13.16
    
     REQUESTED RESOURCE                               REC  LOOKUP KEY
     UID                      SOURCE   CPU  MODULE   DISP     DSP-MOD  KEY-MOD  SERV     DATE     TIME  JNAME    LID      NAME                 PRE RMC INT PST FIN
    
     RSUR-FFFNFT1.SUBMIT                              LOG  RSUR-FFFNFT1.SUBMIT
             PRODARC          STCINRDR PROD ACF9CAUT RULE        -        -     READ 04.155 03/06 00.01 JES2     PRODARC  PRODXXX ARCHIVE        0   0   4   0   4
     SAF RESOURCE CLASS SURROGAT
    
     RESOURCE NAME: FFFNFT1.SUBMIT
    
     RSTR-STANDARD                                    LOG  RSTR-STANDARD
             PRODARC          STCINRDR PROD ACF9CAUT RULE        -        -     READ 04.155 03/06 00.01 PRODIMFA PRODARC  PRODXXX ARCHIVE        0   0   4   0   4
     SAF RESOURCE CLASS STORCLAS
    
     RESOURCE NAME: STANDARD
    

  • ACFAccess
      ACCESS DSNAME('CSC.SNARE.CNTL')
     ACCESS Subcommand Results For: CSC.SNARE.CNTL
    
     Key: CSC
    
     Ruleline: SNARE.CNTL UID(SYO A*AAZSWC) UNTIL(01/10/04) READ(A) EXEC(A)
     Lids: ZSWCFS    ZSWCRSL   ZSWCVS 
    
     Ruleline: SNARE**.- UID(SC  SCHDPSCFSCHD) READ(A) WRITE(A) ALLOC(A) EXEC(A) DATA(SNARE FTP JOB)
     Lids: PSCFSCHD 
    
     Ruleline: - UID(TF      ZTFAB) READ(A) WRITE(L) ALLOC(L) EXEC(A)
           No logonids found
    

  • ACFRPTPW
    1eTrust CA-ACF2 Security - ACFRPTPW - INVALID PASSWORD/AUTHORITY LOG - PAGE    1 DATE 27/05/05 (05.147) TIME 11.20
    
         DATE     TIME  LID      JNAME      SUBMIT'R SOURCE    PROGRAM    RC  L  CPU       AUTH
    
     05.146 26/05 02.00 XXPRCN23 MSYNMPRD            CONS#23  *ATFNSOLE    4     PROD
     05.146 26/05 02.15 XXPMCN24 MSYNMMAI            CONS#24  *ATFNSOLE    4     PROD
     05.146 26/05 03.39 XOPOEB   ZOPOEB   P-LOGON    XADVAC74             12     PROD
     05.146 26/05 03.52 XOPOJL   MSYNMPRD            XADVAC70 *ATFNSOLE   12     PROD
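
The ACFRPTPW excerpt above, parsed into structured events with the Julian date (yy.ddd) cross-checked against the dd/mm column. This is an added example, not InterSect Alliance's import code: the function names are hypothetical, the field layout is inferred only from the four sample lines (the L and AUTH columns are blank there and are not handled), and two-digit years are assumed to be 20yy.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Sample input: the ACFRPTPW excerpt shown on this page, embedded to run offline.
SAMPLE = """\
1eTrust CA-ACF2 Security - ACFRPTPW - INVALID PASSWORD/AUTHORITY LOG - PAGE    1 DATE 27/05/05 (05.147) TIME 11.20

     DATE     TIME  LID      JNAME      SUBMIT'R SOURCE    PROGRAM    RC  L  CPU       AUTH

 05.146 26/05 02.00 XXPRCN23 MSYNMPRD            CONS#23  *ATFNSOLE    4     PROD
 05.146 26/05 02.15 XXPMCN24 MSYNMMAI            CONS#24  *ATFNSOLE    4     PROD
 05.146 26/05 03.39 XOPOEB   ZOPOEB   P-LOGON    XADVAC74             12     PROD
 05.146 26/05 03.52 XOPOJL   MSYNMPRD            XADVAC70 *ATFNSOLE   12     PROD
"""

STAMP = re.compile(r"^\s*\d\d\.\d{3} ")  # every detail line starts with yy.ddd
# yy.ddd dd/mm hh.mm LID JNAME <SUBMIT'R/SOURCE/PROGRAM> RC CPU
DETAIL = re.compile(
    r"^\s*(?P<yy>\d\d)\.(?P<ddd>\d{3}) (?P<dm>\d\d/\d\d) (?P<hh>\d\d)[.:](?P<mi>\d\d) "
    r"(?P<lid>\S+)\s+(?P<jname>\S+)\s+(?P<middle>.*?)\s+(?P<rc>\d+)\s+(?P<cpu>\S+)\s*$")

def parse_acfrptpw(text):
    """Return one dict per detail line; raise instead of silently dropping data."""
    events = []
    for line in text.splitlines():
        m = DETAIL.match(line)
        if not m:
            if STAMP.match(line):  # looks like an event but did not parse
                raise ValueError(f"unparsed detail line: {line!r}")
            continue  # page banner, column header or blank line
        # Assumption: two-digit years are 20yy.
        ts = datetime(2000 + int(m["yy"]), 1, 1) + timedelta(
            days=int(m["ddd"]) - 1, hours=int(m["hh"]), minutes=int(m["mi"]))
        if ts.strftime("%d/%m") != m["dm"]:  # the two date columns must agree
            raise ValueError(f"Julian date and dd/mm disagree: {line!r}")
        events.append({
            "time": ts.isoformat(), "lid": m["lid"], "jname": m["jname"],
            # Blank columns make SUBMIT'R/SOURCE/PROGRAM ambiguous; keep tokens raw.
            "middle": m["middle"].split(), "rc": int(m["rc"]), "cpu": m["cpu"],
        })
    return events

def count_by(events, field):
    """Tally events by one field, e.g. 'lid', 'jname' or 'rc'."""
    return Counter(e[field] for e in events)

if __name__ == "__main__":
    evts = parse_acfrptpw(SAMPLE)
    print(count_by(evts, "jname").most_common(), count_by(evts, "rc"))
```

A line that carries a date stamp but does not fit the inferred layout raises an error rather than being skipped, so a report with populated L or AUTH columns fails loudly instead of losing events.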
    

Snare Server
The Snare Server builds on the success of our Open Source audit & event log agents. When used in combination, our Snare agents and Server provide a robust and effective resource for event log management.

Snare Server Snort Report
This link will take you to a small report, exported from our Snare Server, that shows attacks against our website.
Copyright (c) 1999-2007 InterSect Alliance Pty Ltd