Versions Compared

Version Old Version 6 New Version 7
Changes made by

maria ieropoulos

Leigh Purdie (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Welcome to the Snare Wizard

...

    • Enable or disable the Basic Snare Firewall, which uses the UFW firewall to configure IPTables. For normal operation of the Snare Central, the firewall should be left enabled; it will only block those ports that do not have an associated snare-related service active.

      • When the Snare Firewall checkbox is enabled, the currently active firewall rules will be shown in the Active Rules section, and the Backup & Restore section is available. It is possible to make a backup of the current rules and restore them if required.

      • Clicking on any active rule will bring the edit rule form where you can delete the selected rule or change some parameters like destination port number, transport protocol, policy and origin.
      • It is important to note that when adding a new rule, by default ufw will create the same rule for both TCPv4 and TCPv6. However when deleting a rule you need to delete the TCPv4 and the TCPv6 separately.
    • More information on UFW can be found at:  https://help.ubuntu.com/community/UFW
    • Click on the Next button.

...

  • Enter the DNS Name or IP address of an SMTP email server. If you want to use SMTPS (SMTP over SSL or TLS) you can specify the authentication protocol to use as well as SMTP Username, SMTP password and SMTP port (587 is the default). Please note that SMTP authentication without encryption is not supported.  There is the ability to send a test email with outcome presented on screen, and to the nominated email address.
  • If you set the default address to append for your organisation, Snare will add this on to any email addresses specified in the scheduled task settings associated with each objective.
    • For instance, if you add 'dni.gov.au' here, you can specify 'fred.bloggs' in a scheduled task email configuration item, rather than 'fred.blogs@dni.gov.au'.
  • Enter the Reply-To address that the Snare Central should use to send emails from.
    • This will set any email 'reply to' addresses to this entry. If users hit their 'reply' button on a Snare email, this will be the address that email returns to. It is recommended you configure this to be your IT helpdesk, or a member of your security team.
  • Select the preferred email distribution mode
    • In general, it is recommended that each objective is configured to send out data independently of other objectives. If 'One email per user will go out..' is selected, there may be a delay of up to 15 minutes after an individual objective completes, before the collection of generated objectives is sent to the destination user.
  • If your organisation requires a classification header to be included within the electronic mail messages sent with an objective, add it here.
    • You may also choose to prepend, or append, the classification message to the subject line.
  • If you are using an older mail client that cannot handle inline HTML formatted mail, the option in Mail Format section gives you the chance to turn HTML content off. Objective output will still be included as an attachment to the electronic mail message.
  • Whether or not to generate PDF attachments on emails for real time Alerts.
  • Click on the Next button.

SNMP Setup

...

Image Added










  • Enter the DNS Name or IP address of a SNMP Manager server.  By default the UDP port number is 162.
  • Set the SNMP version, 1,2 or 3c. Selecting 1 or 2 enables entry of the community name. Selecting 3c enables further authentication and encryption options to be entered.
  • Specify the full enterprise object identifier for the trap you want to send.
  • Depending on the SNMP version chosen, you will be required to provide a Community name or Username and Password as well as further authentication and encryption information.
  • Click on the Next button.

...