Antivirus Administration

...

Every objective on Snare Central can be individually secured so that only authorised staff have access to it. Access is granted at group level; therefore, an LDAP user must be attached to an LDAP group in order to view or change an objective. This also applies to local users and groups. The Manage Access Control objective detects whether Snare is in LDAP mode, and objectives change access rights accordingly.

Please note that most objectives under "Administrative Tools" and "Data Restore" are restricted exclusively to the Administrator user. This is because of the security risks and the potential for harm to the Snare Central server. Consequently, most of these objectives cannot be accessed by LDAP users, nor by local users that do not belong to the local Administrators group. It also means that the "Manage Access Control" interface cannot be used to assign permissions to these administrative objectives. The complete list of Administrator-only objectives follows.

Administrator Only

Administrative Tools

  • Change IP Address
  • Configuration Wizard
  • Snare Central Update
  • Snare Threat Intelligence
  • User Administration
  • Shutdown / Reboot Snare Central
  • Manage Nightly Updates
  • Manage Access Control
  • Import Objectives
  • Manage Objective Schedules
  • Manage Plugins

Data Restore

  • Snare Data Import


One of two access rights levels can be granted:

...

This objective provides summary information on current objective scheduling, target email addresses, and access controls. A link to each objective also enables you to modify the associated configuration settings.

Manage Plugins

The team at InterSect Alliance provide development services for customers, such as creating Snare Central objectives that meet specific organisational requirements. We release these customisations as 'Snare Central Plugins', which can be installed using the normal 'Snare Central Update' capability, and can be turned on/off using the 'Manage Plugins' objective.

My Account

Your Snare Central password can be changed in this objective. Last login date/time information is also available. Note that Snare Central implements several password security policies, including:

...

Threat Intelligence Configuration

Snare Server 7.4+ includes an updated collection infrastructure that can interface with the new Snare Advanced Threat Intelligence (SATI) module. Enabling the threat intelligence capability on the Snare Central Server facilitates delivery of selected important events to an infrastructure capable of providing enhanced dashboards and log intelligence.

Delivery of data to a non-local Elasticsearch instance is also supported. Note that only a limited, high-value subset of the data received by the Snare Central Server will be forwarded to the destination server.

...


Enabling SATI delivery will display an overview of the currently enabled forwarding filters.

...


The Snare Server can be configured to log to a local elastic instance (which is installed and available as part of version 7.4 of the Snare Central server), or can be configured to log to a remote elastic instance. If the remote elastic instance is protected by either X-Pack or ElasticShield from InterSect Alliance, HTTPS/TLS and authentication can be activated.

...


...