| Tip |
|---|
Snare Windows Agent with Event Collection v5.7.0 was released on 2527th January 2023. |
Security Updates
- 3rd party libraries upgraded:
- OpenSSL upgraded to version 3.0.7
- Boost upgraded to version 1.79.0
- Windows certificate handling was updated to use more secure certificate keys handling method
- Event Checksum, appended to events if enabled, was changed from MD5 to SHA3-512 hash
| Note |
|---|
Customers, who have event checksum enabled, may need to adjust their event integrity validation tools to use SHA3-512 instead of MD5. |
New Features and Enhancements
Windows Advanced Auditing can now be enabled and configured via a Snare Agent.
Advanced Audit Policy provides more granular control over Windows auditing so you can capture what’s important and eliminate noise.
Snare Agent provides a set of out-of-the-box Advanced Audit Policies for collecting useful events.
Snare Agent allows to easily switch between Basic and Advanced Windows Auditing, and provides a friendly web interface for configuring Advanced Audit Policies, with an option to apply additional event filters by user and text.Info title Licensed Feature Requires license feature Snare WEC Advanced Auditing.
See Audit Policies Configuration User Guide for more details.
Snare agent now supports Windows 11
- Self-signed certificates generated by Snare Agent on demand will now be named "Snare Agent"
- More detailed debug logging for when Snare Service receives a signal from OS
...