...
Follow the steps outlined in the Snare documentation (Agent Installation - Snare Windows Agent v5 Documentation, Confluence) to install the Snare agent.
Once the agent is installed, log in to the web UI (https://localhost:6161) and select “Destination configuration”.
Under the “Network Destinations” section, enter the domain/IP address and port of the Snare Reflector, and ensure that Format is “Snare” and “Delimiter Character” is “Tab”.
...
Follow the steps outlined in the Securonix documentation to configure the required parsers:
...
Configure the Snare Reflector with the following policies:
Datasource | Format in Reflector | Filter value (include) | Filter comments |
---|---|---|---|
Apache Web Server | Syslog RFC 3164 | ApacheLog | |
Microsoft ADFS | Raw | AD FS/Admin | |
Microsoft Defender | Raw | Microsoft-Windows-Windows Defender/Operational | |
Microsoft DHCP | Syslog RFC 3164 | `MSSQL$MICROSOFT##WID\|MSSQLSERVER` | Replace MSSQLSERVER with the instance name |
Microsoft DNS Server | Syslog RFC 3164 | MSDNSServer | |
Microsoft Exchange Parser | Syslog RFC 3164 | ExchangeLog | |
Microsoft IIS Server | Syslog RFC 3164 | IISWebLog | |
Microsoft Windows PowerShell | Syslog RFC 3164 | Microsoft-Windows-PowerShell/Operational | |
Microsoft Windows Snare Application | | | |
Microsoft Windows Snare Security | | | |
Microsoft Windows Snare System | | | |
Microsoft Windows Sysmon | | | |
RADIUS_NPS | | | |
Windows MSSQL Via Syslog SNARE | | | |
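Before relying on a Reflector include filter, it is worth confirming that the Windows event channel it names actually exists and is enabled on the host running the Snare agent; otherwise the policy will simply never see data. The following PowerShell check is an added example, not part of the Snare or Securonix documentation; the channel names are taken from the table above, and only the built-in `Get-WinEvent -ListLog` cmdlet is used.

```powershell
# Added example: verify that the event channels referenced by the Reflector
# include filters exist and are enabled on this Snare agent host.
# Channel names are copied from the policy table above.
$channels = @(
    'AD FS/Admin',
    'Microsoft-Windows-Windows Defender/Operational',
    'Microsoft-Windows-PowerShell/Operational'
)

foreach ($name in $channels) {
    # -ListLog returns the channel configuration; a missing channel yields
    # a non-terminating error, which we suppress and test for below.
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    if (-not $log) {
        Write-Warning "Channel '$name' not found; its Reflector policy will never receive events."
        continue
    }
    if (-not $log.IsEnabled) {
        Write-Warning "Channel '$name' exists but is disabled; enable it before forwarding."
    }
    # Report what the agent has available to forward from this channel.
    [pscustomobject]@{
        Channel     = $log.LogName
        Enabled     = $log.IsEnabled
        Records     = $log.RecordCount
        LastWritten = $log.LastWriteTime
    }
}
```

Run it in an elevated PowerShell session on each agent host; a channel that is present but shows zero records is a sign that auditing for that source has not been turned on.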
Note: Securonix has various parsers for log data generated and sent by Snare; details can be found at the links below. Only the steps relating to Securonix configuration need to be followed.
...