Snare. The world standard for effectively gathering and filtering IT-event data for critical security monitoring, analysis, auditing and archiving.

Blog Archives

Snare Server download files – false positives

Antivirus (AV) software may occasionally raise alerts on official Snare Central Server release files, for example Trojan-ArcBomb in the "SnareServer-v7.1.4.iso" and "SnareServer-v7.2.0.iso" files. In this case, the AV is detecting the testing payloads from OpenVAS. It is not the Trojan implant, but the detection payloads used by the vulnerability scanner. The OpenVAS software […]


Snare Health Checker displays disk usage error

An upgrade to version 7.2 of the Snare Server/Snare Central may display a red alert error in the Disk Usage section of the Snare Health Checker. This is due to the original Snare Server installation being installed with a small boot partition. The Snare Health Checker is reporting as a red alert on all partitions […]


How to search data in Snare Server

Searching data in the Snare Server is available via Reports | Dynamic Search. This allows searching for events across multiple log sources. Data that arrives into the Snare Server may take up to fifteen minutes before it is processed by the Snare Server metadata subsystem. This means the data isn't available for queries within this […]


Snare Central and Sizing

The Snare Central hardware requirements are significantly dependent on the volume of audit received by the Snare Central, and the type and number of audit objectives defined. There are minimum hardware requirements available in the Installation Guide for Snare Central for smaller and larger configurations. However, for large to very large environments please contact your […]


Viewing the Manage Agents report in Excel

Some users may find that if they open the Manage Agents CSV report (generated from the Snare Central's Agent Management Console) in Excel, their information is displayed in the first column, making it difficult to view the managed agents. The workaround to be able to view the data clearly: 1. Select the first column, so it's […]


How can I remove “agents that cannot be contacted”?

When agents are decommissioned, the agents are still reported as non-contactable in the Agent Management Console (AMC). The reason for this is that the Snare Server keeps the old metadata associated with the old connection. These agents will roll off the Snare Server after 3 months. To remove the agent manually, you must remove […]


Can the Windows evtx log files be forwarded to another SIEM?

If your servers are managed by a third party, and agent-based solutions are not practical, the Snare Central Server has the ability to process text-based Windows evtx log files in batch mode. Your service provider may be able to provide access to such logs by exporting log data on a scheduled basis using the […]


Snare Server Samba Vulnerability

All versions of Samba from 3.5.0 onwards are potentially vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writeable share, and then cause the server to load and execute it. The Snare Server is not vulnerable, since it does not export any writeable shares. However, a […]


Snare Central and Palo Alto

Palo Alto Networks firewalls can be configured to send log data to Snare Central for collection, analysis and reporting. The Snare Server collection subsystem is quite flexible, and is capable of dealing with a wide range of custom LEEF formats. The following fields are separated out, and are available as individually accessible indexed data within […]


WRITE SAME failed message during Snare Server Installation

During installation of the Snare Server, some customers may come across the warning message "WRITE SAME failed. Manually zeroing." These messages may be safely ignored, as they relate to the SCSI emulation environment, which is trying to request a write of zeros from a begin to end sector, and the system SCSI emulation does not […]
