Table of Contents |
---|
...
This objective provides summary information on current objective scheduling, target email addresses, and access controls. A link to each objective also enables you to modify the associated configuration settings.
Manage Plugins
The team at InterSect Alliance provide development services for customers, such as creating Snare Central objectives that meet specific organisational requirements. We release these customisations as 'Snare Central Plugins', which can be installed using the normal 'Snare Central Update' capability, and can be turned on/off using the 'Manage Plugins' objective."
My Account
Your Snare Central password can be changed in this objective. Last login date/time information is also available.
Note that Snare Central implements several password security policies, including:
...
Threat Intelligence Configuration
Snare Server 8.0+ includes an updated collection infrastructure, which is capable of interfacing with the new Snare Advanced Threat Intelligence (SATI) module. Enabling the threat intelligence capability on the Snare Central Server will facilitate delivery of selected important events, up to an infrastructure which is capable of providing enhanced dashboards and log intelligence.
Delivery of data to a non-local elasticsearch instance is also supported. Currently all log types that Snare Central receives will be forwarded to the destination server.the list of log types are as follows:
...
Enabling SATI delivery will display an overview of the currently enabled forwarding filters.
...
...
Delivery of data to a non-local elasticsearch instance is also supported. The Snare Server can be configured to log to a local elastic instance (which is installed and available as part of version 8.0 of the Snare Central server), or can be configured to log to a remote elastic instance. If the remote elastic instance is protected by either X-Pack or ElasticShield from InterSect Alliance, HTTPS/TLS and authentication can be activated.
...
- The Administrator username and password do not have to be shared and
- It will be possible to identify which user is accessing and configuring Snare.
This objective allows you to create users and groups.
Info |
---|
Group Management
The groups built into Snare Central are : Administrators, SuperUsers, PowerUsers and Default.All users are automatically included in the 'Default' group.
- The 'Administrators' group has the same access as the 'administrator' userid with the exception of a number of functions that are restricted to the 'administrator' (eg: Changing the password of the Administrator account).
...
- The 'SuperUser' group has no particular privileges
...
- but can be used to group accounts with significant privileges to objectives, if you wish to take advantage of it.
...
- The 'PowerUsers' group may access all reports and all objectives in status, and to their own account.
- After the group has been created, you may fine tune access rights for each particular group via System | Administrative Tools | Manage Access Control.
You may define as many additional Groups as possible, and assign to each one of three access right profiles:
Info |
---|
- Default. With access to the following objectives:
- System/
...
- Administrative Tools/My
...
- Account
- PowerUsers. With access to the following objectives:
...
- Executive Dashboard
- Cyber Network Map
- Event Search
- Everything under Reports
- Everything under Status
- System/Administrative Tools/My Account
- SuperUsers. With access to the following objectives:
- Executive Dashboard
- Cyber Network Map
- Event Search
- Everything under
...
- Analytics Dashboards
- Everything under
...
- Reports
- Everything under Agent Management
- Everything under Status
- Under System/
...
- Administrative Tools/
...
- Cloud Log Collection Configuration
- Configure Collection/Reflector
- IP Address Configuration
- Import Objectives
- Manage Nightly Updates
- My Account
- Shutdown / Reboot Snare Central
- User Administration
- Under System/Data Management Tools/
- Arbitrary Data Import
- Autoremove Data
User Management
Administrator can create, modify and delete a user.
Creating new Snare Central user
Info | ||
---|---|---|
| ||
- User Name should be unique.
- Password should follow Snare Central's password security policies, as indicated below:
- 90 Day Rotation
- Password reuse protection
- Last password similarity checks
- Password complexity requirements
- Account locking on multiple failed login attempts
- Dictionary word exceptions
- If a password does not meet
...
- the requirements identified above, an error message will be displayed during password definition.
- A user can be assigned into one group or multiple groups(including custom groups) depending on the desired access rights.
- All users are automatically included in the 'Default' group.
Updating an existing Snare Central user
Info | ||
---|---|---|
| ||
- Once a user is created, the created user will use the global Auto LogOut settings, or the Administrator can configure a customized settings per each user.
- In situations where an account
...
- was locked due to several failed login attempts,
...
- like below:
- An additional configuration setting on the
...
- Update User screen will offer the
...
- Administrator the capability to unlock a Snare Central user account.
- If an account is not unlocked,
...
- it will automatically unlock after 30 minutes
...
- .
Operating System Password Controls
...