Autoremove Data
This objective provides a mechanism to automatically manage the large amount of data that Snare Central is capable of collecting. Snare administrators can establish scheduled deletion tasks based on data age, log type, log name or agent.
Standards like PCI DSS set minimum retention times for logs, and the Autoremove Data capability allows automatic purging of Snare data after a defined period of time. This also helps keep disk space under control. This feature is flexible enough to support different log data aging criteria for different types of data or different sources of the data (agents). This is very important due to the diverse events that Snare Central manages.
...
Info |
---|
When configuring this objective the administrator will be able to list, create, delete, modify and schedule 'autoremove' tasks. For each autoremove task, the administrator will be required to define the type of data that is going to be deleted, a matching criterion (with regex conditions) on the data (like a name or address), the age of the data to be deleted, and a schedule to let the server know when this task shall be executed. Snare Central supports up to 100 autoremove tasks. |
The following criteria are available:
- Agent: files associated with this Agent (or group of agents) matched by the Condition and Value fields.
- Date: files associated with this Date matched by the Condition and Value fields.
- LogType: files associated with this LogType (or Snare Table name) matched by the Condition and Value fields.
- All: Remove all files that meet the defined age criteria.
...
A Test button is provided for testing the matching and age criteria against the actual Snare data; it shows a list of the files that will be affected by the task.
Tip |
---|
A list of deleted files will be logged in the Snare Log file after a successful execution, along with any notifications as a result of problems with the removal process. |
Data Backup
Snare can back up data to optical or removable USB media. Select a device type to continue to the data archival process.
Optical Media - Interactive
Selecting either the CD or DVD options will present an option to generate either:
...
Once the process has completed, the dialog will offer you the opportunity to display, or remove the files that have been transferred to CD/DVD.
Tip |
---|
Snare validates the CD or DVD after generation, to make sure that files of the correct name and size have been copied to the optical media. However, for peace of mind, it is highly recommended that the physical media and its contents be checked on another server before the files that have been migrated off the server are removed from the Snare data archive. |
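An added example (not Snare code) of the independent check recommended above: it compares the archive against the mounted media by name, size and SHA-256, so a same-size corruption that a name-and-size check would pass is still reported. The directory layout and file names are constructed for the demo.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each file's path relative to root -> (size in bytes, SHA-256 hex digest)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            out[os.path.relpath(full, root)] = (os.path.getsize(full), digest.hexdigest())
    return out

def verify_copy(archive_root, media_root):
    """Return files that are unsafe to purge: missing on the media, or differing in size or content."""
    src, dst = manifest(archive_root), manifest(media_root)
    problems = {}
    for rel, (size, digest) in sorted(src.items()):
        if rel not in dst:
            problems[rel] = "missing on media"
        elif dst[rel][0] != size:
            problems[rel] = "size mismatch"
        elif dst[rel][1] != digest:
            problems[rel] = "content mismatch"
    return problems

def demo():
    """Constructed sample: three archive files, a media copy with one corrupted and one missing."""
    with tempfile.TemporaryDirectory() as tmp:
        archive, media = os.path.join(tmp, "archive"), os.path.join(tmp, "media")
        samples = {"a.log": b"event 1\n", "b.log": b"event 2\n", "c.log": b"event 3\n"}
        for root in (archive, media):
            os.makedirs(root)
        for name, data in samples.items():
            with open(os.path.join(archive, name), "wb") as fh:
                fh.write(data)
        with open(os.path.join(media, "a.log"), "wb") as fh:
            fh.write(samples["a.log"])          # intact copy
        with open(os.path.join(media, "b.log"), "wb") as fh:
            fh.write(b"event X\n")              # same size, different bytes
        return verify_copy(archive, media)      # c.log never reached the media

if __name__ == "__main__":
    for rel, reason in demo().items():
        print(f"DO NOT PURGE {rel}: {reason}")
```

An empty result from `verify_copy` means every archive file has a byte-identical copy on the media; extra files on the media are ignored.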
Info |
---|
If you have chosen to generate an ISO image, the image file will be available for download from the front objective output page. You can also choose to remove the CD or DVD from the dialog that pops up when you select the download link, or request an MD5 checksum of the image, to provide a level of assurance that your download matches the image generated by the Snare Server.
Optical Media - Scheduled
When run as a scheduled task, the objective will check the configuration settings for your preferred optical media type (CD or DVD). On regeneration, the objective will create a CD or DVD sized ISO image, which will be available to you to download and burn to a local CD/DVD drive.
...
- Data from 'last month' only.
- Data that is more than 30, 60, 90 or 365 days old.
USB Media
Choosing the 'USB Drive/Key' button will allow you to synchronise all, or a portion of your current event log data, with a USB device.
...
Existing data already present on the device will be compared against the current contents of your data archive, and only new, or changed, data will be copied across to the target device. Data that already exists on the target device, but has been removed from the Snare Server data store, will not be touched.
Tip |
---|
1 terabyte external USB drives are common, and reasonably cheap. A 1 terabyte external USB drive can hold somewhere near 40-50 terabytes of compressed Snare log data, which is roughly equivalent to a year's worth of data at 5,000 events every second, for the entire year. |
...
Choosing a USB device as a target device, and setting the objective to regenerate nightly with all data other than the current day, will provide an automated external backup solution for event log data. Once you have either filled the external drive, or wish to swap to other media, any data that has been copied over to external storage can be removed manually, and the USB media synchronisation reestablished for the new device.
Remove Data
The Remove Data objective provides the ability to remove data by date, log type or agent.
...