Versions Compared

Version Old Version 1 New Version 2
Changes made by

Andrew Madge

Andrew Madge

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview


Snare Central provides close to 150 pre-configured reports to meet common security and compliance needs of our customers.
On top of these, custom reports can be created.

...

Search reports and containers by their name
Use Back to Search Results link in the Reports breadcrumbs area to return to your search results.

Sort all reports and containers by name in Ascending or Descending order

Add new container
Container can only be created at the root level of the Reports, and then can be dragged and dropped to another location.

Tip
A new container is a temporary item that only exists for the duration of the session of the current logged in user (ie: two hours by default), and will not be visible to other users of Snare Central. It will not become permanent, or visible to other users, until you add an objective to the container.


Add new report (objective)

By default, the new objective will be configured with very simple settings. You can then select the objective and proceed with changing the configuration, access controls, or schedule settings to your requirements.


Drag and drop containers and reports

Info

Rearranging the location of an objective, or container, will change the location for all users of Snare - not just your account.


Clone, rename or delete a report (objective) by clicking the ellipsis (...) in the report line and selecting from the actions list.

Tip
Snare Central does not enforce uniqueness of the objective name, you can potentially have two objectives with exactly the same name, that have different configurations, access controls, and scheduling. However, in order to limit confusion, it is advisable to give an objective unique and descriptive name.

When you choose the Delete option, a dialog will appear, notifying you that the objective will be removed for ALL USERS of Snare Central. You will be asked for confirmation before proceeding.

Selecting the Delete button from the dialog, will remove the objective, and associated objective configuration settings.

Rename, recursively delete, or export the contents of a container, by clicking the ellipsis (...) in the container line and selecting from the actions list.

In a situation where you have chosen to remove a container, but you do not have permission to remove some or all of the underlying objectives, Snare Central will check each objective for authorisation, and only remove those that you are authorised to delete. In this case, the original container will remain after the process has completed.

Dynamic Search

Search for events using a search-engine style interface across multiple log sources, with 'Dynamic Search'.

Tip
titleDynamic Search

Dynamic Search may be used to quickly sift through information across multiple log sources, at the expense of completeness. The following filters are available for this tool:

  • Find Events that contain: Enter a string or event id
  • Within the following date range: Select from a date range or time period e.g. This Month
  • Data Sources to Search: Potential data sources which may be sending log data to Snare Central e.g. WinSecurity, GenericSyslog
  • Query Timeout (seconds): Defaults to 60 seconds, but may be increased if searching on a larger subset of data sources or time range.

Note that data that arrives at the Snare Server may take up to fifteen minutes to process and become available for this objective.


...

  • A query builder that allows you to create very complex search criteria, incorporating precedence, logical operations, and advanced matching capabilities.
  • A 'Token' definition system that can pull fields contained within particular consistent patterns, out of an event of interest.
  • A range of potential output modules, such as 15-minute pattern maps, tabular event data, graphs, and so on.
  • The ability to be scheduled to run on a regular, defined basis, and the potential to send output via electronic mail to data owners, system administrators, network administrators, and security administrators.
  • Real-time reporting capabilities for events that match the search criteria.

Objective Templates

Snare includes a range of 'templates' (often referred to as an 'Objective Type' in the Snare Central user interface) to make the job of a security administrator easier when crafting a new objective.

...