Versions Compared

Version Old Version 1 New Version 2
Changes made by

Anonymous

Leigh Purdie (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Snare Central provides a dynamic, application-style point-and-click user interface, directly from your web browser. Each of the three section buttons displayed in the top-right corner of your browser (Agent Management, Reports, Status, System) corresponds to a range of capabilities, as discussed below. The navigation panel can be expanded or contracted using the blue arrows at the top-right of the panel.

Agent Management  Image Modified

This section allows you to manage the configuration of Snare Agents that report to the Snare Central.

In the Agent Management section, you will find functions to:

  • Retrieve system data, such as Users and Groups, from the Snare Agents reporting to the Snare Central.
  • View and manage configuration on your agents provides a remote management interface .
  • Connect to the Snare Agent Manager (SAM) to manage and license your agents.


More details on the objectives available in the Agent Management of this document.                                                                                                                  

Image Modified
 

Reports  Image Modified

A simple search tool is available near the top of the panel. Entering text into this panel will highlight the objectives, and all parent paths associated with the objective(s), in bold text.

Additional objectives can be:

  • Created by Snare Central users, either from scratch, or by cloning and modifying an existing objective.
  • Downloaded from the InterSect Alliance web site.


By default, the reports area will contain objectives relating to:
Active Scanning

  • Example: Scan the local network, and
conduct a network vulnerability analysis
  • report on hosts and open ports that are found.
  • Example: Connect to the organisational border router and download the current configuration settings. Compare these settings to an authorised baseline configuration, and highlight any changes that have been made.


Application Audit

  • Example: Display a list of inappropriate material that has been accessed through the organisational proxy server.
  • Example: List users who have utilised the UNIX 'SUDO' command.


Network

  • Example: Display a geographic map of IP addresses that have been denied access by the organisational Checkpoint Firewall.
  • Example: Report on the top ten hosts that have initiated a port scan against the organisation, as reported by the gateway network intrusion detection system.


Operating Systems

  • Example: Generate a real-time alert when a user outside an authorised list, attempts to access a sensitive file on a Windows file server.
  • Example: Send a daily email to security administrators, if the list of users in the Domain Administrators group changes.


Snare Central

  • Example: Display a report that shows users who have modified the configuration of any Snare Central objectives.


User and Group Snapshots

  • Example: Based on the information provided by the Snare Agent for Solaris, produce a report showing any unauthorised members of the 'sensitivedata' UNIX group.
Image Removed

Image Added

Status Image Modified

This section allows you to access information relating to the status of the Snare Central, including:

  • A simple overview of the systems that have sent event data to the Snare Central over the course of a configurable number of days.
  • General statistics on the type, distribution and volume of log data that currently resides on the Snare Central.
  • An overview of the data that is currently coming into the Snare Central, in order to determine whether a newly installed agent is reporting to the server.             
  • General system information, relating to the hardware on which the Snare Central resides.
  • Potential problems that the Snare Central has detected, and wishes to inform you of.


More details on the objectives available in "Status" are available further down in this document.             

Image Modified

System Image Modified

This section allows you to access functions that manage and maintain the Snare Central and its users., and also manage the configuration of Snare Agents that report to the Snare Central.

In the Administrative Tools section, you will find functions to:

  • Manage the anti-virus installation, including the capability to update to the latest signatures.
  • Modify settings via the Configuration Wizard.
  • Modify system configuration settings such as IP address, DNS servers, and time zones.
  • Display log files that may help the Snare Central support team to provide you with assistance.
  • Update the Snare Central with new software, patch existing applications, or install new objectives.
  • Manage users, and internal Snare Central settings.


Data Backup and Restoration allows you to archive Snare Central log data and objectives to optical media, or synchronise the data store to externally attached USB drives.
Data Management Tools includes the Disk Manager, making it easier for customers to manage their storage resources.


More details on the objectives available in the System section of this document.

Image Removed

Image Added