Welcome to the Snare Wizard

...

  • Enable or disable the Basic Snare Firewall, which uses the UFW firewall to configure iptables. For normal Snare Central operation, the firewall should be left enabled; it blocks only those ports that do not have an associated Snare-related service active.
    • When the Snare Firewall checkbox is enabled, the currently active firewall rules will be shown in the Active Rules section, and the Backup & Restore section is available. It is possible to make a backup of the current rules and restore them if required.

    • Clicking on any active rule will display the "edit rule" form, where you can delete the selected rule or change parameters like destination port number, transport protocol, policy and origin.
    • It is important to note that when adding a new rule, by default UFW will create the same rule for both TCPv4 and TCPv6. However, when deleting a rule you need to delete the TCPv4 and TCPv6 rules separately.
  • More information on UFW can be found at:  https://help.ubuntu.com/community/UFW
  • Click on the Next button.
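
The note above about deleting the two address-family rules separately can be checked from the host shell after an edit. The following is an added example, not part of the Snare documentation: it assumes shell access and parses the text printed by `ufw status numbered`; the sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `ufw status numbered` output (not from a real host):
# the IPv4 rule for 514/udp was deleted, its IPv6 counterpart was left behind.
SAMPLE = """\
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 443/tcp                    ALLOW IN    Anywhere
[ 2] 8443/tcp                   ALLOW IN    10.1.0.0/16
[ 3] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
[ 4] 514/udp (v6)               ALLOW IN    Anywhere (v6)
"""

RULE = re.compile(r"^\[\s*(\d+)\]\s+(.*?)\s+"
                  r"((?:ALLOW|DENY|REJECT|LIMIT)(?: (?:IN|OUT|FWD))?)\s+(.*?)\s*$")
V6 = " (v6)"

def parse_rules(text):
    """Return one dict per numbered rule line; header lines are skipped."""
    rules = []
    for m in filter(None, map(RULE.match, text.splitlines())):
        num, to, action, src = m.groups()
        rules.append({"num": int(num), "action": action,
                      "family": "v6" if to.endswith(V6) else "v4",
                      "to": to.replace(V6, ""), "from": src.replace(V6, "")})
    return rules

def unpaired_rules(rules):
    """Rules open to 'Anywhere' that exist for only one IP family."""
    groups = {}
    for r in rules:
        if r["from"] == "Anywhere":
            groups.setdefault((r["to"], r["action"]), []).append(r)
    return [r for g in groups.values()
            if len({x["family"] for x in g}) == 1 for r in g]

def deletion_order(rules, target):
    """Numbers of rules for `target` (e.g. '443/tcp'), highest first,
    because ufw renumbers the remaining rules after each delete."""
    return sorted((r["num"] for r in rules if r["to"] == target), reverse=True)

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    for r in unpaired_rules(parsed):
        print(f"rule {r['num']}: {r['to']} {r['action']} only for IP{r['family']}")
    print("delete 443/tcp in this order:", deletion_order(parsed, "443/tcp"))
```

Rules restricted to a specific origin address are skipped by the pairing check, since they belong to a single address family by design.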

...

Performance and Hardware Settings

  • In situations where a workstation, or other client, has incorrect date/time settings, and is sending log data to Snare Central significantly out of sync with the correct date/time, the collection subsystem can be configured to discard events that are older than a certain number of days.

    • Note that date-based discard does introduce a small performance penalty for collection rates.
  • Event and Memory thresholds should generally not be changed unless otherwise advised by your Snare Central support team.
  • Version 8.0 of the Snare Server includes a new, faster query engine. For complete backwards compatibility, the SnareStore interface can be disabled. It is recommended that this option be left at the standard setting unless otherwise advised by your Snare Central support team.
  • Realtime Query Limit: Snare Central limits the number of concurrent realtime queries to 10 by default. Any extra active queries will have an impact on your event collection rates.
  • If your server has an optical writer (CD / DVD) installed, you can select the preferred default device here.

    • This setting will be used by the automated data archive objective, if you choose to schedule it.
  • Click on the Next button. A final screen will be displayed, reminding you of the location of the Snare Central documentation.

...