  • For each Objective, users can now set a criticality level for each event format: Snare, Syslog (including SYSLOG (RFC3164), SYSLOG Alt (RFC5424 Compatible), and SYSLOG (RFC5424)), CEF, and LEEF.
    This applies to Audit, FIM, RIM, and Log Filter objectives.

  • The Agent installer, uninstaller and binaries are now digitally signed with an EV code signing certificate, eliminating unknown publisher warnings.
  • Improved support for the CEF format in Snare for Windows. Audit events now report the following CEF extensions: cat, start, act, deviceProcessName, dvchost, suser, outcome, duid, msg.
  • The SYSLOG (RFC3164) IETF standard considers all alphanumeric characters to be part of the TAG. Previously, a fixed TAB was used as the TAG terminator. Now, to fully comply with the SYSLOG (RFC3164) IETF standard, any non-alphanumeric character can be specified as the TAG terminator. To enable this functionality, define a custom delimiter and uncheck the "Use TAB as SYSLOG (RFC3164) TAG Terminator" checkbox in the Destination Configuration.
  • Updated the Snare logo in the installer and in the Agent Web GUI.
  • Updated links in the readme files to point to the snaresolutions.com website. Updated links to the Knowledge Base.
  • Added a default Objective to collect logs related to scheduled tasks and other object access events: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-access-events.
  • Port 6514 can now be used to send events in Syslog format using the TLS protocol to Snare Central 8.3+ or Snare Reflector 2.4+. Warning messages were updated accordingly.
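
How a receiver that applies the RFC 3164 TAG rule splits TAG from CONTENT for a TAB terminator and for a custom one, as an added example (not Snare's code). The tag `AgentLog`, the host name and the sample lines are constructed for illustration.

```python
import re

# <PRI>TIMESTAMP HOSTNAME MSG, with the RFC 3164 "Mmm dd hh:mm:ss" timestamp.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$",
    re.DOTALL,
)

# Constructed sample lines (hypothetical tag and host).
TAB_LINE = "<13>Mar  4 10:15:02 WINHOST01 AgentLog\t4624\tSecurity"
COLON_LINE = "<13>Mar  4 10:15:02 WINHOST01 AgentLog:4624:Security"
# No non-alphanumeric character between the tag and the first field:
MERGED_LINE = "<13>Mar  4 10:15:02 WINHOST01 AgentLog4624 Security"


def split_tag(msg):
    """Split MSG into (tag, terminator, rest) using the RFC 3164 TAG rule.

    TAG is a run of at most 32 ASCII alphanumerics ended by the first
    non-alphanumeric character. RFC 3164 counts that character as the start
    of CONTENT; it is returned separately here so it can be inspected.
    """
    i = 0
    while i < len(msg) and msg[i].isascii() and msg[i].isalnum():
        i += 1
    if i == 0 or i > 32 or i == len(msg):
        return None, None, msg  # no usable TAG: treat everything as CONTENT
    return msg[:i], msg[i], msg[i + 1:]


def parse(line):
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 3164 style line")
    pri = int(m["pri"])
    tag, term, content = split_tag(m["msg"])
    return {"facility": pri >> 3, "severity": pri & 7, "host": m["host"],
            "tag": tag, "terminator": term, "content": content}


if __name__ == "__main__":
    for line in (TAB_LINE, COLON_LINE, MERGED_LINE):
        print(parse(line))
```

The third line shows why the terminator has to be non-alphanumeric: without one, the first field is absorbed into the TAG and any filter keyed on the tag stops matching.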
