The silent install option is provided for system administrators wishing to automate the process of installing Snare for Windows with WEC.
...
- /VerySilent – The Wizard will be hidden for the duration of the installation process. Any message boxes will still be displayed.
- /SuppressMsgBoxes – Any message boxes will be dismissed with the default answer.
- /Log="filename" – Two log files will be created: filename and filename.Snare.log. The Wizard installation log will be written to filename and a detailed Snare installation log will be written to filename.Snare.log.
- /LoadInf="INFfile" – The INFfile is a template file produced by another Snare installation. It contains all the necessary information to complete the installation and configure the agent for normal operations. See below for more details on how to produce this file.
- /Reinstall – Tell the installer to overwrite any existing installation.
- /Upgrade – Tell the installer to upgrade the existing installation. If no existing installation is detected, the installer will abort. This option will only upgrade the Snare files; all configuration settings will remain untouched and the "LoadInf" file will be ignored.
- /UseHostIP – Enable the address resolution feature to use the host IP address. Value 0 for off, and 1 to allow.
- /Destination – Set the IP address or hostname to which the event records are sent.
- /DestPort – Set the destination port, e.g. for Snare or syslog.
- /SocketType – Set the protocol you would like the agent to use when sending events. Values: 0 (UDP), 1 (TCP), 2 (TLS/SSL), 3 (TLS_AUTH).
- /TLSAuthKey – This option must be provided when the protocol is 3 (TLS_AUTH). The length of TLSAuthKey must be between 8 and 4096 characters and allowed characters include A-Za-z0-9\~!@$%^*()_+=`-
- /RemoteLocal – Allow remote connections to the agent from localhost only. Value 0 for off, and 1 to allow. Ensure /RemoteAllow and /AccessKey are also set with this option.
- /RemoteAllow – Enable remote access to the agent. Value 0 for off, and 1 to allow. Ensure /AccessKey is also set with this option.
- /AccessKey – If /RemoteAllow is set, then the password must also be set. Set the password text for remote access to the agent.
- /EpilogImport – Set whether the Snare agent is to import Logs and Filters settings from the Snare Epilog agent (if installed on the same machine). Set this value to 0 for No (default) or 1 for Yes.
- /Audit – Set whether Snare is to automatically set the system audit configuration. Set this value to 0 for No or 1 for Yes (default).
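
A pre-flight check for the option dependencies listed above, as an added example that is not Snare's own code: it builds the silent-install argument list and refuses combinations the list rules out (TLS_AUTH without a valid /TLSAuthKey, remote access without /AccessKey). The function name `New-SnareSilentArgs`, the `/Name=value` form for options other than /Log and /LoadInf, and all sample values are assumptions.

```powershell
# Added example, not Snare vendor code. Option names and constraints are taken
# from the list above. Assumption: every value is passed as /Name=value,
# generalised from the /Log="filename" form shown on the page.
function New-SnareSilentArgs {
    param(
        [Parameter(Mandatory)][string]$Destination,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$DestPort,
        [Parameter(Mandatory)][ValidateRange(0, 3)][int]$SocketType,  # 0 UDP, 1 TCP, 2 TLS/SSL, 3 TLS_AUTH
        [string]$TLSAuthKey,
        [ValidateRange(0, 1)][int]$RemoteAllow = 0,
        [ValidateRange(0, 1)][int]$RemoteLocal = 0,
        [string]$AccessKey,
        [string]$LogFile
    )
    # 8-4096 characters from the documented set. The backslash printed before "~"
    # on the page is treated as an escape artifact and rejected (assumption).
    $keyPattern = '^[A-Za-z0-9~!@$%^*()_+=`\-]{8,4096}\z'
    $problems = @()
    if ($SocketType -eq 3) {
        if (-not $TLSAuthKey) {
            $problems += '/TLSAuthKey is required when /SocketType is 3 (TLS_AUTH).'
        } elseif ($TLSAuthKey -notmatch $keyPattern) {
            $problems += '/TLSAuthKey must be 8-4096 characters from the documented set.'
        }
    }
    if ($RemoteLocal -eq 1 -and $RemoteAllow -ne 1) { $problems += '/RemoteLocal needs /RemoteAllow=1.' }
    if ($RemoteAllow -eq 1 -and -not $AccessKey)    { $problems += '/RemoteAllow=1 needs /AccessKey.' }
    if ($problems) { throw ($problems -join ' ') }

    $list = @('/VerySilent', '/SuppressMsgBoxes', "/Destination=$Destination",
              "/DestPort=$DestPort", "/SocketType=$SocketType",
              "/RemoteAllow=$RemoteAllow", "/RemoteLocal=$RemoteLocal")
    if ($SocketType -eq 3) { $list += "/TLSAuthKey=$TLSAuthKey" }
    if ($RemoteAllow -eq 1) { $list += "/AccessKey=$AccessKey" }
    if ($LogFile)           { $list += "/Log=`"$LogFile`"" }
    $list
}

# Constructed sample values; hostname, port and key are placeholders.
$ok = New-SnareSilentArgs -Destination 'collector.example.internal' -DestPort 6514 `
        -SocketType 3 -TLSAuthKey 'Example_Key-0001' -LogFile 'C:\Temp\snare-install.log'
$ok -replace '(?<=/(TLSAuthKey|AccessKey)=).+', '<redacted>'   # print without secrets

# Rejected before the installer runs: remote access enabled with no access key.
try   { New-SnareSilentArgs -Destination '192.0.2.10' -DestPort 6514 -SocketType 1 -RemoteAllow 1 }
catch { "Rejected: $($_.Exception.Message)" }
```

The returned list can be handed to the installer with `Start-Process -ArgumentList`. The keys then form part of the installer's command line, so hosts that record process command lines will log them.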
...
- Install the Snare agent using the Wizard.
- Using the web interface, configure the agent's Network and Remote Control settings.
- Configure one or more objectives/audit policies.
- Ensure you have administrator rights, then open a command prompt and browse to the directory where Snare is installed.
- Execute the following commands:
...