Snare. The world standard for effectively gathering and filtering IT-event data for critical security monitoring, analysis, auditing and archiving.

Snare Agents

Snare Agents capture and immediately send the collected event logs to the Snare Server, a third party SIEM or a Syslog server for central storage and reporting.

Snare Agents will run on your server or desktop system to capture all relevant system or application audit logs. You can filter and refine the logging collection to capture all IT network security or application events that you have defined to be relevant to your business operation and to help with compliance to your security policy. The agents capture and immediately send the collected event logs to the Snare Server, ArcSight, LogLogic, LogRhythm, Splunk, RSA or other third party SIEM or a Syslog server for central storage and reporting. There are many Snare Enterprise Agents solutions which are each designed for a specific technology platform and provide you with an extensive range of crucial options.

There are extensive capabilities that can be utilised to assist businesses with internal security audits and for compliance with a wide range of security standards such as PCI DSS, HIPAA, SOX, NISPOM, California SB, US Patriot Act, Australian ISM, GLBA, DCID, DIAM, DDS, Danish Standard DS-484, ISO 27001/2 and Massachusetts 201 CMR.

There is also a limited version of this agent software, known as the Snare OpenSource Agent (OSA). As you would expect, this software does not enjoy ongoing supplier support and continuing development or feature enhancement and does not deliver many of the more advanced capabilities of its Enterprise version counterpart. It is strongly advised that the OSA should not be used in production as this version does not adhere to compliance regulations, or offer sufficient protection for your IT assets and corporate data and identity.

To view some of these principal functionality distinctions see the table that contrasts the two Snare Agent editions.

In a moment we will present some real specifics in terms of the wide array of individual Snare Agent options that are currently available for use with Windows, UNIX, Linux, Solaris, OSX and MSSQL. Snare Epilog also supports a wide variety of log formats from any text application log file as well as many well-known applications such as Apache, IIS and ISA. But just before that …

What differentiates Snare?

  • As we’ve already noted, the Snare Agents can readily work with other SIEMs and Syslog servers. So if you already have Agent software, the investment in that is preserved. Plus, you can dynamically change from your present SIEM server to an alternative should future circumstances dictate such a move. So you are also ‘future proofed’.
  • The agents are ultra-lightweight in terms of memory requirements (less than 20Mb of RAM) and CPU demands (less than 5% of host on an average system deployment).
  • Snare gives the ability to filter and forward defined information in real time.
  • You are afforded smart TCP and smart caching (and UDP for when it's needed).
  • Where you require security for the transmission of the log information, the agents can use the industry standard SSL/TLS protocol to encrypt the log information to keep it safe from prying eyes.
  • Advanced Events per Second (EPS) rate limiting and event throttling controls. The Windows agents all support a customer event rate per second control to allow you to manage the event rates from systems over slow or low bandwidth sites.
  • File Integrity Monitoring. The Snare Agents support file and directory monitoring to allow you to track all activity of your critical operating system and application files.
  • USB and mounted file systems. Both the Unix and Windows Snare Agents allow desktops and servers to be monitored for any unauthorised connection of USB drives such as USB memory sticks, smart phones, standalone and powered USB hard drives as well as mounting of remote file systems.
  • If necessary, you can work with military grade unidirectional data-diodes to bring data from areas of low classification/trust, up to collection systems of high classification/trust.
  • Snare has a high level of granularity for parsing, filtering etc. That is, Snare Agents enable you to find and filter on specific event IDs or events, across multiple platforms (e.g. 2003, 2008, 2012) at the agent level, or at a level of abstraction (e.g. failed sign on) for ease of use. Without this, you may end up forcing your SIEM server into overtime with all the ‘noise’ you send it, bumping up license fees, slowing down performance or necessitating a stepping stone to a tiered collection model.
  • Snare is easy to install with the integrated installer or you can create your own custom MSI for all Windows platforms (32 bit, 64 bit, 2003, 2008, 2012 etc.) for ease of deployment and include all of your own system settings.
  • You can manage and administer the agents individually via local regedits, via the web GUI locally or remotely, or by the Agent Management Console.
  • The Windows agents all support Active Directory Group policy configuration management for centralised control of all settings. This can be achieved via a Super Group Policy or by an Agent Policy for each agent type being Snare for Windows, Snare Epilog or Snare for MSSQL.
  • You are given broad coverage with agents for operating systems, agents for file contents and agents for DBMS activity.
  • Snare uses dynamic DNS names for 24x7 operation and allows you to provide automatic failover to an alternate Snare Server or SIEM collection system in the event of hardware or site failure.
  • The Snare Agents provide ‘heartbeats’ to log details on the agent's health and to let you track that all systems are up and running.
  • Provides time-zone normalization and UTC format for sites that need to collect logs from multiple time zones.

What technology does Snare work with?

  • Operating System Agents
  • File Format Agents
  • Database Agents

The OpenSource Agent can be downloaded here.
