News
Solutionary

IAI is very proud to announce that Solutionary has selected Snare as their technology partner for the ActiveGUARD managed service platform.
InterSect Alliance International

As some are already aware, InterSect Alliance was recently purchased by Prophecy International, and is now InterSect Alliance International Pty Ltd. More good news to come.
The Snare Server is capable of receiving logs from CISCO Routers, Switches, and Firewalls via the syslog protocol.

Supported devices include, but are not limited to: CISCO PIX, CISCO Routers, CISCO 6500 Firewall, CISCO NAS 5300 RAS Logs, and Router logs that have been passed through the 'WhatsUp' collection software.

The Snare Server also provides the capability to connect to the Router or Firewall administrative interface, and download a current copy of the network device access controls. These access controls can be compared against a known 'authorised' ruleset, with changes highlighted to the auditor.

The Snare Server can filter on a wide variety of fields within the CISCO source data, including:
  • Date/Time
  • Source Address
  • Destination Address
  • Destination Port
  • Packet ReturnCode (success/failure/information)
  • Event Criticality
  • Source Firewall
  • Action (accept / drop)
  • Source Interface
  • Source Port
  • Protocol

Snare can provide drill-down access to the raw log data, via overview components such as a '15 minute pattern map', and horizontal bar graphs by source/destination/destination port.



Dec 7 15:33:45 10.0.0.1 Dec 07 2005 15:33:44: %FWSM-5-304001: 123.23.23.123 Accessed URL 21.22.23.24:http://mywebserver.myorg.com/homepage/index.html
Dec 7 15:33:45 10.0.0.1 Dec 07 2005 15:33:44: %FWSM-6-302001: Built outbound TCP connection 1 for faddr 66.16.62.14/80 gaddr 19.19.70.22/63782 laddr 17.77.78.27/1308
Dec 7 15:33:45 10.0.0.1 Dec 07 2004 15:33:44: %FWSM-6-302002: Teardown TCP connection 1 faddr 28.12.15.21/80 gaddr 19.11.74.20/63322 laddr 17.37.14.10/1446 duration 0:00:00 bytes 1836 (Unknown)

40w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async122, changed state to up
40w5d: %ISDN-6-CONNECT: Interface Serial4:15 is now connected to 3048428739
40w5d: %ISDN-6-DISCONNECT: Interface Serial4:11 disconnected from 7195458167 , call lasted 270 seconds

184697: 3w3d: %SEC-6-IPACCESSLOGDP: list TsyATMIn denied icmp 14.10.29.10 -> 19.19.50.255 (8/0), 1 packet
184698: 3w3d: %SEC-6-IPACCESSLOGP: list TsyATMIn denied tcp 21.6.20.95(11879) -> 19.19.44.22(80), 1 packet

20041221 113634 EVENT Syslog/Unsolicited 10.80.10.4 <139>46006: Dec 21 10:36:33.224 AEST: %PS-3-MULTFAIL: There is more than one failure with the Power System 2; please resolve problems immediately
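
As an added example (not Snare's own code, and not part of the original page), this Python sketch parses some of the sample lines above into several of the filter fields listed earlier. The field names, the accept/drop mapping, and treating laddr as the source of an outbound connection are assumptions made for illustration.

```python
import re

# Lines copied from the samples on this page.
SAMPLES = [
    "Dec 7 15:33:45 10.0.0.1 Dec 07 2005 15:33:44: %FWSM-6-302001: Built outbound TCP connection 1 for faddr 66.16.62.14/80 gaddr 19.19.70.22/63782 laddr 17.77.78.27/1308",
    "184697: 3w3d: %SEC-6-IPACCESSLOGDP: list TsyATMIn denied icmp 14.10.29.10 -> 19.19.50.255 (8/0), 1 packet",
    "184698: 3w3d: %SEC-6-IPACCESSLOGP: list TsyATMIn denied tcp 21.6.20.95(11879) -> 19.19.44.22(80), 1 packet",
    "40w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async122, changed state to up",
]

# %FACILITY-SEVERITY-MNEMONIC: text (severity 0-7 is used here as the event criticality)
TAG = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")
ACL = re.compile(r"list (?P<acl>\S+) (?P<verb>permitted|denied) (?P<proto>\S+) "
                 r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
                 r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?")
BUILT = re.compile(r"Built (?P<dir>inbound|outbound) (?P<proto>\S+) connection \d+ for "
                   r"faddr (?P<faddr>[\d.]+)/(?P<fport>\d+) gaddr \S+ "
                   r"laddr (?P<laddr>[\d.]+)/(?P<lport>\d+)")

def port(value):
    return int(value) if value else None  # ICMP entries carry no port

def parse(line):
    """Return filterable fields for one line, or None if it has no %TAG."""
    m = TAG.search(line)
    if not m:
        return None
    rec = {"facility": m["facility"], "criticality": int(m["sev"]), "mnemonic": m["mnemonic"]}
    if a := ACL.match(m["text"]):
        rec.update(action="drop" if a["verb"] == "denied" else "accept",
                   protocol=a["proto"], src=a["src"], sport=port(a["sport"]),
                   dst=a["dst"], dport=port(a["dport"]))
    elif b := BUILT.match(m["text"]):
        # Assumption: an outbound connection originates at laddr, an inbound one at faddr.
        s, d = ("l", "f") if b["dir"] == "outbound" else ("f", "l")
        rec.update(action="accept", protocol=b["proto"].lower(),
                   src=b[s + "addr"], sport=int(b[s + "port"]),
                   dst=b[d + "addr"], dport=int(b[d + "port"]))
    return rec

def select(lines, **want):
    """Yield parsed records whose fields equal every keyword criterion."""
    for rec in filter(None, map(parse, lines)):
        if all(rec.get(k) == v for k, v in want.items()):
            yield rec
```

For instance, `list(select(SAMPLES, action="drop"))` returns the two access-list denials, and lines without a recognised body (such as the LINEPROTO event) still yield facility, criticality and mnemonic.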
Snare Server
With its origins in open source software, the Snare Server from InterSect Alliance provides a central collection, analysis, reporting and archival tool for a very wide variety of log formats.

Copyright (c) 1999-2011 InterSect Alliance Pty Ltd