Versions Compared

Version Old Version 25 New Version 26
Changes made by

Leigh Purdie (Unlicensed)

Leigh Purdie (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Antivirus Administration

...

By clicking in the Objective name (or Objective directory) at the tree representation on the left (see image above) will select or deselect the objective(s). Once selected, one or more groups are required to be highlighted from the list provided and at least one access level to be checked in order to apply to selected objectives.

Info

Image Modified

In the image above for example a single objective named “Flag Changes” is selected and “Access Control” (Read access) for the “Snare_Server_Default” group is about to be granted.

...

This objective provides summary information on current objective scheduling, target email addresses, and access controls. A link to each objective also enables you to modify the associated configuration settings.

Manage Plugins

The team at InterSect Alliance provide development services for customers, such as creating Snare Central objectives that meet specific organisational requirements.  We release these customisations as 'Snare Central Plugins', which can be installed using the normal 'Snare Central Update' capability, and can be turned on/off using the 'Manage Plugins' objective."

My Account

Your Snare Central password can be changed in this objective. Last login date/time information is also available. Note that the Snare Central implements several password security policies, including:

...

Large files can also be uploaded to the Snare Server via the secure-shell 'scp' application. Instructions are available from the Snare Central Update main page.

Info

Image Modified



To apply an update:

  1. Select System | Administrative Tools | Snare Central Update | Upload. This invokes the Snare Central Update process.

Select Choose Update to select the patch update.  This will check the file. If it doesn't start automatically, then select Upload.

Info

Image Modified


When progress reaches 100% select Next to start the update.

Info

Image Modified


  1. The update may take up to 15 minutes.  When completed, select Return to Snare Central.

    Info

    Image Modified


Troubleshooting Updates

...

Threat Intelligence Configuration

Snare Server 7.4+ includes an updated collection infrastructure, which is capable of interfacing with the new Snare Advanced Threat Intelligence (SATI) module. Enabling the threat intelligence capability on the Snare Central Server will facilitate delivery of selected important events, up to an infrastructure which is capable of providing enhanced dashboards and log intelligence.

Delivery of data to a non-local elasticsearch instance is also supported. Note that only a limited high value subset of the data received by the Snare Central Server, will be forwarded to the destination server.

Info

Threat Intelligence Delivery disabledImage Modified


Enabling SATI delivery will display an overview of the currently enabled forwarding filters.

Info

Threat Intelligence Delivery enabledImage Modified


The Snare Server can be configured to log to a local elastic instance (which is installed and available as part of version 7.4 of the Snare Central server), or can be configured to log to a remote elastic instance. If the remote elastic instance is protected by either X-Pack or ElasticShield from InterSect Alliance, HTTPS/TLS and authentication can be activated.

Info

Image Modified




Note
titleMore Details

The events that are forwarded to the Threat Intelligence instance, or a remote elastic server, are governed by the configuration file /data/Snare/ConfigSettings/RealTime.config on the Snare server. This file is not intended to be user-editable at this stage, since it ties directly in with the available dashboard capabilities of the Threat Intelligence server.

Event collection rates may be significantly impacted, when this feature is active. ElasticSearch ingest rates are significantly lower than those supported by the Snare Central Server, on similar hardware. When this feature is activated, the potential Snare Server collection rates, will be governed by the elasticsearch bulk upload capabilities. In general terms, there may be one or two orders of magnitude difference between Snare Central Server collection rates, and elasticsearch ingest capabilities.

Warning: Activating the Threat Intelligence configuration, without installing the corresponding Threat Intelligence module to manage the generated data, will mean that your Snare Central Server will store significantly more data per received event, without being able to remove the associated data from the file-system via the Snare Central Server user interface.

...

Only when all files are downloaded will there be the ability to generate another support data file. This means that if you require to run Support Data again; you need to download all existing files including any 10MB files first.

Info

Image Modified


User Administration

...


This objective allows you to create users and groups.

Info

Image Modified

The groups built into the Snare Central are: Administrators, SuperUsers, PowerUsers and Default.

...


If a password does not meet the requirements identified above, an error message will be displayed during password definition.

Info

Image Modified


In situations where an account is locked due to several failed login attempts, an additional configuration setting on the user management screen will offer the administrator the capability to unlock a Snare Central user account. If an account is not unlocked, the account will automatically unlock after 30 minutes.

...