Snare Central ships with a large number of default Reports and (starting from v8.6.0) Analytics Dashboards (AKA objectives) that suit a diverse range of organisations, and meet security-related regulatory requirements.
However, there may be situations where additional specialised Reports or Dashboards are made available to users of Snare Central, or need to be transferred from one server to another.

The 'Upload a previously saved Objective(s) or Analytics Dashboards archive' button section allows you to select and import objectives from a file stored on your local workstation.
If you have previously used the 'Objective Export' capability by right-clicking on a container, the objectives will have been exported either to a local file or, via email, to a selected destination user.

Objectives will be imported into a new container, called "Imported Objectives YYMMDDHHMMSS" (where YYMMDDHHMMSS represents the date/time of import).

The 'Import from a locally stored snapshot of the InterSect Alliance Objective Store' button section allows you to import objectives from a local objectives store. Click the icon beside the desired objective package to import it.

Manage Access Control

To access this area, LDAP groups should be enabled in Configuration Wizard | Security Setup | Snare Central, or Local User groups should be defined in User Administration. This objective provides an easy and flexible interface for changing Objectives access controls at the group level, for both local groups and groups defined on an identified LDAP/Active Directory server.

...

MaxMind License Key

In order for Snare Central to download the latest GeoIP2 database from MaxMind, you must first configure a MaxMind license key. Click "Configure" in the "Manage Nightly Updates" page, enter your MaxMind license key in the dialog box, then click set.

The update tasks are disabled by default and scheduling for each task is fully configurable.

...

This objective provides summary information on current objective scheduling, target email addresses, and access controls. A link to each objective also enables you to modify the associated configuration settings.

Manage Plugins

The team at InterSect Alliance provide development services for customers, such as creating Snare Central objectives that meet specific organisational requirements. We release these customisations as 'Snare Central Plugins', which can be installed using the normal 'Snare Central Update' capability, and can be turned on/off using the 'Manage Plugins' objective.

My Account

Your Snare Central password can be changed in this objective. Last login date/time information is also available. Note that Snare Central implements several password security policies, including:

...

Threat Intelligence Configuration

Snare Server 8.0+ includes an updated collection infrastructure, which is capable of interfacing with the new Snare Advanced Threat Intelligence (SATI) module. Enabling the threat intelligence capability on the Snare Central Server will facilitate delivery of selected important events up to an infrastructure which is capable of providing enhanced dashboards and log intelligence.

Delivery of data to a non-local Elasticsearch instance is also supported. Currently, all log types that Snare Central receives will be forwarded to the destination server. The list of log types is as follows:


...


Enabling SATI delivery will display an overview of the currently enabled forwarding filters.

...


...

Delivery of data to a non-local elasticsearch instance is also supported. The Snare Server can be configured to log to a local elastic instance (which is installed and available as part of version 8.0 of the Snare Central server), or can be configured to log to a remote elastic instance. If the remote elastic instance is protected by either X-Pack or ElasticShield from InterSect Alliance, HTTPS/TLS and authentication can be activated.

...