Tip |
---|
Snare MSSQL Agent v5.6.0 was released on Xth May 2022. |
Security Updates
- Removed MD5 and SHA-1 hashes from the release metafiles. Only SHA-512 (SHA-2 family) is now used to verify the integrity of binary files.
- Third-party libraries upgraded:
  - OpenSSL upgraded to version 1.1.1m
  - curl upgraded to version 7.79.1
New Features and Enhancements
- Snare Agent for Microsoft SQL Server can now be configured to collect Extended Events, not only Trace events.
This adds the ability to have granular control over the logs collected from the MS SQL server, with over 1,800 event types available for collection (depending on the version of MS SQL server).
  - Use the new View Extended Events page to explore the tree of categories and events available on the current server. Use Filter to find events of interest by name.
  - On the Audit Policies Configuration page, use the new Add Extended Event button to add a new Extended Event Policy.
Adding a Trace policy is still supported, but is not recommended, as this auditing method was deprecated by Microsoft.
Info |
---|
This new feature needs to be used in conjunction with SNARE v2 format when sending Extended Events to Snare Central. |
For details please refer to the User Guide for Snare MSSQL Agent.
- A new checkbox setting was added on the Agent's Access Configuration page that disables TLS 1.2 and makes TLS 1.3 the minimum version for web UI connections
- The name of the self-signed certificate generated by the Agent by default was changed from the host name to "Snare Agent"
- The Snare debug log (sometimes required for troubleshooting by Snare Support) can now be generated from the Web UI without stopping the Agent.
Navigate to the Snare Log page in the Agent's Web UI, configure the output directory and the duration of debug log capturing, and click Start Debug Log.
The Stop Debug Log button stops logging before the configured time has elapsed.
- Memory usage optimisation for Heartbeat logs handling when 'Agent Logging Options' is set to Trace level and 'Agent Heartbeat Frequency' is set to a longer period
- A warning will be displayed on the Destination Configuration page when sending to a Snare destination using the TLS_AUTH protocol without changing the default TLS_AUTH Authentication Key
...