Snare. The world standard for effectively gathering and filtering IT-event data for critical security monitoring, analysis, auditing and archiving.
Snare Enterprise Epilog for Windows
Snare Enterprise Epilog for Windows is designed to facilitate the central collection and processing of Windows text-based log files and is compatible with all current versions of the Windows operating system. Snare Epilog for Windows also supports date stamped log files such as IIS, ISA, SMTP and Exchange message tracking logs. The agent can restrict the data through a custom objective which can be configured to filter data by including or excluding exact or wild card string matches. Note that users of Lotus can also take advantage of Epilog for Windows.
All log information is converted to tab-delimited text format, then delivered over TCP/UDP or SSL/TLS to one or more destinations, including a Snare Server, SIEM or syslog server. Note that many standard syslog servers are not designed to cope with the volume of data that multiple Snare agents can potentially generate, and you may require a more advanced system such as a Snare Server or other SIEM system.
Snare is used by many large Financial, Insurance, Healthcare, Defence, AeroSpace, and Intelligence organisations to meet elements of local and federal security requirements, such as Australian Government Information Security Manual (ISM), GLBA (Gramm-Leach-Bliley Act), Sarbanes Oxley (SOX), C2 / CAPP, DCID 6/3, DIAM 50-4, DDS-2600-5502-87 Chapter 4, NISPOM Chapter 8, HIPAA, PCI DSS, California Senate Bill 1386, USA Patriot Act, Danish Standard DS-484:2005, ISO 27001/2.
Some of the many features of Snare Enterprise Epilog for Windows include:
- Caching of events in case of a network disruption, ensuring that events are not lost
- Confirmed log message delivery with Smart TCP - no lost or missing logs
- Encryption with TLS/SSL
- Dynamic DNS
- Log to multiple destinations
- Configure the log file source either through an exact match or by a wild card match
- Events per Second (EPS) rate controls
- UTC log time formats
- Group Policy Support
- Local or remote management of the agent by administrators via a standard web browser
Documentation is available from the User Documentation page.
InterSect Alliance provides commercial support for Snare Enterprise Agents and the Snare Server. Please visit the Support page for more information.
Snare OpenSource Agents are early versions of the Snare Enterprise Agents. They include a limited feature set of the Snare Enterprise Agents and are not recommended for use by organisations that require audit regulatory compliance. Click here to compare OpenSource and Enterprise versions.
InterSect Alliance does not provide support for the OpenSource agents; however, the Snare OpenSource Sourceforge Forum may offer assistance.
Download Snare OpenSource.