Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Tip

Snare Linux Agent v5.9.0 was released on Xth November 3rd December 2024.


Warning

Since v5.8.0, upgrading Snare Agent from versions earlier than 5.4.0 for Agents that had password enabled is not supported.

Customers who need to upgrade the Agent from pre-5.4.0 version, are advised to perform a two-step upgrade:

  • Step 1 - Upgrade from pre-5.4.0 version to v5.7.0 or 5.7.1
  • Step 2 - Upgrade from v5.7.* to the latest version

Security Updates

  • 3rd party libraries upgraded: 
    • OpenSSL upgraded to version 3.2.0
    • Boost upgraded to version 1.84.0
    • SQLite version updated to latest 3.44 series
  • GUI password is now enforced for all agents. If no password was set, or the login password does not meet complexity criteria, the user will be required to set a GUI password

    Note
    titlePassword Complexity Requirements

    Starting from Snare Agent version v5.9.0, the following GUI password complexity rules are enforced:

    • 10 to 128 characters in length
    • Not more than 2 identical characters in a row
    • 3 out of the following 4 complexity rules: 
      • At least 1 uppercase character (A-Z)
      • At least 1 lowercase character (a-z)
      • At least 1 digit (0-9)
      • At least 1 special character (punctuation or space)


  • Installer now requires password (with complexity requirements) if Agent web interface is enabled
  • Replaced usage of deprecated OpenSSL functions with appropriate alternatives.
    The changes are related to TLS connection and certificates handling, RSA signing, hashes, signature generation and verification during licensing.

New Features and Enhancements

  • Snare Enterprise Agent for Ubuntu 24.04 is now available
  • Snare Agent can now deliver event logs directly to Devo Syslog Event Load Balancers (ELB):
    • New mutual TLS (mTLS) protocol was added to the Network Destination Configuration in the Agent
    • New mTLS Certificate selector was added for mTLS Network Destinations in the Agent. Note: the certificate and its chain of trust is expected to be installed on the endpoint as a prerequisite of using it in the Agent. 
    • New DEVO and DEVO JSON formats were added to the Network Destination Configuration in the Agent. 

      Note

      DEVO and DEVO JSON formats are reserved for future use, and are not yet fully supported by both Snare Agent for Linux and Devo


  • Snare Agents menu items were rearranged to group them under new submenus, such as Log Sources (that includes Audit Policies, FIM, Log Files and Filters) and Advanced (for the less commonly used items).
    Some items were renamed: Audit Service Status > Agent StatusAudit Policy Configuration > Audit Policies; Log Configuration > Log Files; Log Filter Configuration > Log Files Filters

               
                        v5.8.1                                                          v5.9.0

  • Improvements to the Audit Service Statistics page to make labels clearer and display accurate data

               

                                  v5.8.1                                                                                     v5.9.0

  • Web GUI password can now be reset using Reset Password button added to Access Configuration Web Page
  • Web GUI password can now be reset from command line interface by running agent executable with -p (or --password) flag followed by the new password

    Note

    Complexity rules for the password are now enforced. See Password Complexity Requirements under Security Updates section above.


  • Added new configuration setting Disable License Pre-Expiry Heartbeats to allow disabling heartbeats related to upcoming license or support expiry. This is useful for scenarios where SAM issues Agent's license for a short period of time, and close expiry heartbeats are not desirable. This setting can be found on the HeartBeat & Agent Log page
  • Improved the SAMC Agent status on Agent Status page for un-managed master agents
  • Improved mechanism ensuring that only one Agent service instance can run at a time
  • Improved Agent logging related to IP addresses, to help troubleshoot relevant issues
  • Latest Events page now displays throughput for destinations (label change for clarity)
  • Removed the repeated log messages when agent is set to use TLSv1.3 as minimum
  • Other code clean-up and usage of safer functions

Bug Fixes

  • Agents policies management via SAM:
    • Fixed the issue where Agent configuration could get reset to defaults (and thus Agent would disconnect from SAM) after Agent Policy Group that managed this agent is deleted in SAM, and the Agent gets reassigned to the top-level Supported Agents group
    • Fixed the issue where removal of all destinations, or all policies of certain type (Audit, Log, FIM, RIM, FAM or RAM) from the Master configuration in SAM was not reflected in the managed Agent.
      If SAM provided no policies of certain type, the Agent was incorrectly falling back on the pre-existing local policies. 
    • Fixed Local/Remote tagging of the policies and configuration settings in the Agent UI
    • Corrected SAMC Status after agent receives a configuration from SAM
  • Removed DNS resolver check for IP Address allowed to remote control SNARE configuration setting. This will support scenarios, where IP/Hostname does not exist on the current domain but will be available in the future.
  • Fixed leap year bug, where Agents installed on February 29 failed to create a self-signed certificate, which caused GUI to be unavailable
  • Resolved the issue where modified or deleted destination was still listed on the Latest Events page
  • Fixed disabled "Export HeartBeats to file?" checkbox on HeartBeat & Agent Log Configuration page 

User Guide

The following is an offline version of the User Guide related to this release.


For an up-to-date version refer to the online version here.

...