Tip |
---|
Snare Linux Agent RHEL 6 64-bit v5.1.0 was released on 6th June 2018. |
...
- Other Operational Changes
- One click to apply configuration. After saving your individual settings per page, click the Apply Audit Configuration & Restart Service button to apply the new configuration to the agent.
- Implemented PCRE Regular Expression filtering for Event Objectives.
- Uses the same mechanics for Dynamic DNS Checking for destination lookups.
- Improved error checking in the UI.
- Improved session handling along with the new HTTPS features.
- Enhanced debug log options when run in command line debug mode (/usr/sbin/SnareDispatchHelper -c -d9) and when using the Heartbeat option.
- The agent validates its configuration fully, and reverts to defaults if invalid settings are found in the snare.conf file.
- Improved multi-threading and UI speed improvements so the agent can operate faster on large, highly loaded systems.
- Various security improvements and hardening, including Address Space Layout Randomization (ASLR), stack buffer overrun detection, and heap corruption detection.
- Added functionality to the RPM package and the agent on initial load to detect instances where SELinux is set to enforcing and warn the user that the agent may not behave correctly.
- Objective filters can now support negative values. This is useful when you are only interested in events from system calls with specific return values. For example, an objective to collect unauthorised file accesses for all users and root could set the Audit Filter term to "exit=-EPERM,auid>=500,auid!=4294967295".
- Support added for Red Hat's Kickstart system to allow installation before the audit.rules file is generated.
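
To show what the example Audit Filter term in the objective-filter item selects, the following added Python example (not Snare's code) evaluates it against constructed raw audit SYSCALL records, where EPERM appears as `exit=-1` and an unset login UID as `auid=4294967295`. The function names and sample records are hypothetical, and treating the comma-separated clauses as a logical AND is an assumption.

```python
import errno
import re

TERM = "exit=-EPERM,auid>=500,auid!=4294967295"  # filter term from the release note
CLAUSE_RE = re.compile(r"^(\w+)(>=|<=|!=|=|>|<)(-?\w+)$")
OPS = {"=": lambda a, b: a == b, "!=": lambda a, b: a != b,
       ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, "<": lambda a, b: a < b}

def to_int(value):
    """Turn '500', '-13' or a symbolic errno such as '-EPERM' into an integer."""
    sign, name = (-1, value[1:]) if value.startswith("-") else (1, value)
    if not name.isdigit() and name not in errno.errorcode.values():
        raise ValueError(f"unknown value: {value!r}")
    return sign * (int(name) if name.isdigit() else getattr(errno, name))

def parse_filter(term):
    """Split a comma-separated term into (field, operator, integer) clauses."""
    clauses = []
    for part in term.split(","):
        m = CLAUSE_RE.match(part.strip())
        if not m:
            raise ValueError(f"bad filter clause: {part!r}")
        field, op, value = m.groups()
        clauses.append((field, op, to_int(value)))
    return clauses

def parse_record(line):
    """Extract the decimal key=value fields of a raw audit SYSCALL record."""
    return {k: int(v) for k, v in re.findall(r"\b(\w+)=(-?\d+)\b", line)}

def matches(line, term=TERM):
    """True when every clause of the term holds for the record (assumed AND)."""
    rec = parse_record(line)
    return all(f in rec and OPS[op](rec[f], v) for f, op, v in parse_filter(term))

# Constructed sample records, trimmed to the fields the filter uses.
DENIED_USER = "type=SYSCALL arch=c000003e syscall=2 success=no exit=-1 auid=1000 uid=1000"
DENIED_SU_ROOT = "type=SYSCALL arch=c000003e syscall=2 success=no exit=-1 auid=1000 uid=0"
DENIED_DAEMON = "type=SYSCALL arch=c000003e syscall=2 success=no exit=-1 auid=4294967295 uid=0"
ALLOWED_USER = "type=SYSCALL arch=c000003e syscall=2 success=yes exit=3 auid=1000 uid=1000"
DENIED_EACCES = "type=SYSCALL arch=c000003e syscall=2 success=no exit=-13 auid=1000 uid=1000"

if __name__ == "__main__":
    for rec in (DENIED_USER, DENIED_SU_ROOT, DENIED_DAEMON, ALLOWED_USER, DENIED_EACCES):
        print(matches(rec), rec)
```

Because `auid` is the login UID and survives `su` or `sudo`, the record with `uid=0` still matches, while the daemon record with an unset login UID does not. The `exit=-13` record is skipped because the term names only EPERM; a term with `exit=-EACCES` would select it instead.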
...