InterSect Alliance - CheckPoint Firewall 1

Snare for Windows - Snare for Windows Version 3.0.0 is now available. This new version fixes some bugs noticed on some Windows OS versions.

NISPOM and PCI An appendix to the Snare Server User's Guide now contains guidance on how to comply with NISPOM and PCI Data Security Standard

Snare Server Version 4.2.1 is now available. This new version includes a single CD installation for all packages and the OS.

Stats on the agent downloads and visits to our web server are avialble from Statistics.

The Snare Server is capable of receiving logs from Checkpoint Firewall 1 Firewalls via the syslog protocol.

The Snare Server can filter on a wide variety of fields within the CheckPoint source data, including:

Date/Time
Source Address
Destination Address
Destination Port
Packet ReturnCode (success/failure/information)
Source Firewall
Action (accept / drop)
Source Interface
Source Port
Protocol

Snare can provide drill-down access to the raw log data, via overview components such as a '15 minute pattern map', and horizontal bar graphs by source/destination/destination port.


Firewall1Log    0       2004-07-11      12:00:04	10.0.1.22 drop    qfe1    10.0.1.31       47997   10.0.1.136      161	24 service: snmp	num: 1	type: log	i/f_dir: inbound	len: 117	product: firewall

The Snare Server builds on the success of our Open Source audit & event log agents. When used in combination, our Snare agents, and Server provide a robust and effective resource for event log management.

Snare Server Snort Report
This link will take you to a small report exported from our Snare Server, that shows attacks against our website