Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

  • View Log File
    • Accessing and viewing Snare Central log files can now be easily done via clicking the drop-down menu and select from the list of log files available in your Snare Central.


  • Share or Email a Copy of Log File
    • To share or email a copy of log file, first select the target log file from the drop-down menu.
    • Then input the email address of the recipient int in the provided input box.
    • After that, Click the "SEND EMAIL" button to email the log file directly.

...

Note
titleNote:
  • Increasing the Snare Central debug level (see the section above on "Configuration Wizard" for more information), will significantly increase the amount of data that is written to log files.
  • To use the email feature, make sure that the "Email Setup" in the Configuration Wizard are properly set (see the section above on "Configuration Wizard" for more information).

...

Warning
titleDeprecated

The separate tool for display Snare Service Monitor log file is deprecated. It is now part of a more robust "Display the Snare Central Log Files" tools which will let you access, view and email a copy of not only Snare Monitor log file by , but also other log files available in you Snare Central (see Display the Snare Central Log Files section in this page).

...

The Snare Central allows modification of it's IP address, netmask, default gateway and DNS server settings, these values can be adjusted individually for each Ethernet card, providing flexibility in network management of your Snare Central.

...

  • To change the settings value, click the "Edit" icon located in the upper right corner of the Ethernet card you want to modify.


Image Added

  • Then in the pop-up Update Interface, you can modify the values then click "EDIT" button to save the changes
  • .

...

  • made or "CLOSE" button to exit the Update Interface without saving/applying the changes.


Note
titleNote:
  • IP Address Change : Once the IP address is modified, the server will no longer be reachable via the old IP address.
  • Impact on Connectivity : If your browser was connected to the old IP address, it may become unresponsive after the IP address change.

...

This objective provides summary information on current objective scheduling, target email addresses, and access controls. A link to each objective also enables you to modify the associated configuration settings.

Manage Plugins

The team at InterSect Alliance provide development services for customers, such as creating Snare Central objectives that meet specific organisational requirements.  We release these customisations as 'Snare Central Plugins', which can be installed using the normal 'Snare Central Update' capability, and can be turned on/off using the 'Manage Plugins' objective."

My Account

Your Snare Central password can be changed in this objective. Last login date/time information is also available.

...

Threat Intelligence Configuration

Snare Server 8.0+ includes an updated collection infrastructure, which is capable of interfacing with the new Snare Advanced Threat Intelligence (SATI) module. Enabling the threat intelligence capability on the Snare Central Server will facilitate delivery of selected important events, up to an infrastructure which is capable of providing enhanced dashboards and log intelligence.

Delivery of data to a non-local elasticsearch instance is also supported. Currently all log types that Snare Central receives will be forwarded to the destination server.the list of log types are as follows:


...


Enabling SATI delivery will display an overview of the currently enabled forwarding filters.

...


...

Delivery of data to a non-local elasticsearch instance is also supported. The Snare Server can be configured to log to a local elastic instance (which is installed and available as part of version 8.0 of the Snare Central server), or can be configured to log to a remote elastic instance. If the remote elastic instance is protected by either X-Pack or ElasticShield from InterSect Alliance, HTTPS/TLS and authentication can be activated.

...