Snare. The world standard for effectively gathering and filtering IT-event data for critical security monitoring, analysis, auditing and archiving.

Blog Archives

Configuring the Snare agent for SYSLOG SIEM

To send events from your Snare Agent to a SYSLOG Server or other SIEM, such as Secureworks, ArcSight, Symantec, Logpoint, configurations are required on the Destination Configuration page of your version 5 agent. These configurations include the Domain/IP address or hostname of the destination SIEM you are sending to, the Port is to be set […]

Read More

How to configure Snare Agents for QRadar

The configuration settings are outlined below for sending events to IBM's QRadar in: Snare Enterprise Agent for Windows Snare Server/Reflector Snare Enterprise Agent for Windows For Version 5 agents From your Snare Enterprise Agent, navigate to the Destination Configuration page and update the following settings: Under Network Destinations set: Domain/IP to your SIEM destination Port to […]

Read More

How to setup Splunk with the Snare Agents

Some advice from users of Splunk and seeing the data sent from the Snare Agents. To setup the installation: - Use custom ports for the Snare agents.  For example,  Snare Windows Agents TCP/6165, Snare Linux Agents TCP/6166, Snare OSX Mac Agent on TCP/6167, Snare Epilog Agent TCP/6169 etc. Then you may create special rules in […]

Read More

Sending events to a SYSLOG Server

To send events from your Snare Agent to a SYSLOG Server or other SIEM the following configurations are required on the Network Configuration page of your agent: Destination Snare Server address - enter the IP address of the server Destination Port - 514 Enable SYSLOG header must be enabled

Read More

WP-Backgrounds Lite by InoPlugs Web Design and Juwelier Schönmann 1010 Wien