Snare. The world standard for effectively gathering and filtering IT-event data for critical security monitoring, analysis, auditing and archiving.

Blog Archives

End of Life

The end of life for Snare Server/Snare Central depends on the end of life of the underlying Ubuntu version; for version 7 of Snare Server, the end of life of its Ubuntu 14.04 base is April 2019. Each Snare Server patch/update release supersedes the last patch, and Intersect Alliance always recommends being at the latest product level (for any […]

ECCN for Snare

The Export Control Classification Number, or ECCN, for Snare is 5D002 (Information Security Software). **UPDATED 2018 Diversion of Snare products and technology contrary to Australian law is prohibited. Depending on where you reside, additional import or export requirements may apply. Based on the Australian export controls of the Snare product it is classed as exempt […]

How can I remove “agents that cannot be contacted”?

When agents are decommissioned, they are still reported as non-contactable in the Agent Management Console (AMC). The reason for this is that the Snare Server keeps the old metadata associated with the old connection. These agents will roll off the Snare Server after 3 months. To remove the agent manually, you must remove […]

Can the Windows evtx log files be forwarded to another SIEM?

If your servers are managed by a third party, and agent-based solutions are not practical, the Snare Central Server has the ability to process text-based Windows evtx log files in batch mode. Your service provider may be able to provide access to such logs by exporting log data on a scheduled basis using the […]

On QRadar and missing events from Snare?

Events from the Snare Agent sent to QRadar may appear to be missed in the QRadar logs. To ensure QRadar receives the events, be sure to disable the QRadar log source coalescing feature (Coalescing Events) in the system defaults, or on each of the log sources, so that QRadar will see each event from the […]

Why do I have duplicated events?

Snare Agents may replicate events across their domain controllers; this is due to the way Microsoft domains and events have worked since Windows 2000. In a multi-domain server environment, some client logs (not all) may end up on one or more domain controllers. The Snare agent just collects the logs from the local event […]

Ready for V5?

As you prepare to download the Snare software, we want to highlight your options for selecting and installing the right version of Snare for your organization. Our latest release is Snare Enterprise - Version 5.0. It includes compelling new features as per the table below. Features: TLS encrypted remote configuration management. Agents support HTTPS for […]

Why is the Linux agent using lots of CPU?

The Snare for Linux agent works with the Unix audit subsystem. The Linux agent removes the complexity of configuring the audit settings, so users don’t have to manage Unix text files, and gives security teams remote access to adjust and filter the audit settings without having to log in as root on the remote […]

About Certificates

Snare Server: The Snare Server uses a 10-year certificate for the web interface; this can also be regenerated at any time from within the Snare Server wizard. The certificate used for the TLS log collection has a 2-year expiry and can be updated manually by changing the PEM file or it will […]
