Versions Compared

Version Old Version 1 New Version 2
Changes made by

maria ieropoulos

maria ieropoulos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Snare Server Central employs a 'Web 2.0' style interactive application interface, employing drag and drop, popup dialogs, and dynamically updating data.

The Snare Server Central interface is generally divided into four 'panels', as shown in false-colour, in the image below.

The 'green' panel provides buttons for performing common functions and switching between the different navigation menus. Some of these buttons are greyed out when they are not available for use for the current objective.

  • These buttons are, in order left to right:
Image Removed

Image Added

The Snare Logo, which takes you back to the dashboard.

Modify the configuration of the currently open objective.

Change who can access, or modify the configuration of the currently open objective.

Configure the objective to regenerate on schedule, and modify the email distribution list.

Add the currently displayed objective to the regeneration queue.

Displays the currently queued and regenerating objectives.

Provides the option to download attachments generated by the currently open objective.

Logs you out of your current session on the Server Server.

Image Added

Switch to the Agent Management Console.

Image Modified

Switch to the Reports navigation menu mode.

Switch to the Status navigation menu mode.

Switch to the System navigation menu mode.

...

A range of default objectives will be installed in the 'Reports' area for you by the Snare Server Central Installation process.

 

Tip
titleDynamic Search



Dynamic Search may be used to quickly sift through information across multiple log sources, at the expense of completeness. The following filters are available for this tool:

  • Find Events that contain: enter a string or event id
  • Within the following date range: select from a date range or time period e.g. This Month
  • Data Sources to Search: potential data sources which may be sending log data to the Snare Server Central e.g. WinSecurity, GenericSyslog
  • Query Timeout (seconds): defaults to 60 seconds, but may be increased if searching on a larger subset of data sources or time range.

...

Over to the right-hand side of the area, the amount of time that the server has been running without reboot will also be displayed, and if the Snare Server Central Health Checker needs to inform you of an issue that requires your attention, an animated notification icon may also be displayed.  This icon may be clicked on for further information.

The 'yellow' panel is where objectives are actually displayed. When you select an objective from the 'blue' panel, this panel updates to show you the objective.
Many objectives display portions of the objective results in 'tabs' at the top of the page. These can be individually clicked to scan through the results. The type and function of these components is objective dependent, but will often include:

...

Tip

In order to provide a modern, interactive user interface, the Snare Server Central utilises some features available only in more modern browsers. Users of Internet Explorer version 8 or prior, or Firefox 3 or prior, may experience slow response from JavaScript engines, poor quality graphics, or other degraded capabilities.

...

Tip

You may notice a slight reduction in user interface performance once per hour, just after the new hour turns. Snare takes the opportunity to pre-cache results from your currently defined objectives on a regular basis, which can reduce interface response on single processor systems for a short time.

This feature can be turned off in the performance section of the Snare Server wizardCentral Configuration Wizard.
Pre-caching can provide significant performance benefits for objectives that are generated weekly or at greater time periods. Objectives that are generated daily, may notice slight performance benefits. If your objectives are consistently being regenerated more frequently, having pre-cache turned on, may actually negatively impact the overall performance of your Snare ServerCentral.