Versions Compared

Antivirus Administration

...

This objective provides summary information on current objective scheduling, target email addresses, and access controls. A link to each objective also enables you to modify the associated configuration settings.

Manage Plugins

The team at InterSect Alliance provides development services for customers, such as creating Snare Central objectives that meet specific organisational requirements. We release these customisations as 'Snare Central Plugins', which can be installed using the normal 'Snare Central Update' capability, and can be turned on/off using the 'Manage Plugins' objective.

My Account

Your Snare Central password can be changed in this objective. Last login date/time information is also available. Note that Snare Central implements several password security policies, including:

...

The upcoming Snare Threat Intelligence product is designed to provide real-time insight into your eventlog data, using the proven technology found in the eMite real-time analytics dashboards. Threat Intelligence can give you actionable insights in minutes.  By breaking down traditional information silos, the Threat Intelligence tool gives you a competitive advantage: more transparency, process, and productivity improvements, more rewarding customer engagement, and faster innovation cycles.  Please visit https://www.snaresolutions.com for further information.

Support Data Retrieval

To help the Snare Support team diagnose issues, diagnostic information can be gathered with this tool. Selecting Generate creates a compressed, encrypted tar file containing the output of some diagnostic commands and a few Snare and system configuration files. The tar file takes several minutes to generate; you can then select it and download it from the server, to be forwarded to support when required.

If the resulting tar file is bigger than 10MB, the file will be separated into 10MB chunks for sending purposes (via email, FTP, etc.) to be reassembled by the support team.

Once a file has been downloaded, the support file will be deleted from the server. No original data will be deleted.

Another support data file can be generated only once all existing files have been downloaded. If you need to run Support Data again, you must first download all existing files, including any 10MB files.

Threat Intelligence Configuration

Snare Server 7.4+ includes an updated collection infrastructure, which is capable of interfacing with the new Snare Threat Intelligence module. Enabling the threat intelligence capability on the Snare Server will facilitate delivery of selected important events to an infrastructure which is capable of providing enhanced dashboards and log intelligence.

Delivery of data to a non-local Elasticsearch instance is also supported. Note that only a limited, high-value subset of the data received by the Snare Server will be forwarded to the destination server.

[Image: Threat Intelligence Delivery disabled]

Enabling SATI delivery will display an overview of the currently enabled forwarding filters.

[Image: Threat Intelligence Delivery enabled]

The Snare Server can be configured to log to a local elastic instance (which is installed and available as part of version 7.4 of the Snare Central server), or can be configured to log to a remote elastic instance. If the remote elastic instance is protected by either X-Pack or ElasticShield from InterSect Alliance, HTTPS/TLS and authentication can be activated.


...

More Details

The events that are forwarded to the Threat Intelligence instance, or a remote elastic server, are governed by the configuration file /data/Snare/ConfigSettings/RealTime.config on the Snare server. This file is not intended to be user-editable at this stage, since it ties directly in with the available dashboard capabilities of the Threat Intelligence server.

Event collection rates may be significantly impacted when this feature is active. Elasticsearch ingest rates are significantly lower than those supported by the Snare Server on similar hardware. When this feature is activated, the potential Snare Server collection rates will be governed by the Elasticsearch bulk upload capabilities. In general terms, there may be one or two orders of magnitude difference between Snare Server collection rates and Elasticsearch ingest capabilities.

...

Threat Intelligence Configuration

Snare Server 7.4+ includes an updated collection infrastructure, which is capable of interfacing with the new Snare Advanced Threat Intelligence (SATI) module. Enabling the threat intelligence capability on the Snare Central Server will facilitate delivery of selected important events to an infrastructure which is capable of providing enhanced dashboards and log intelligence.

Delivery of data to a non-local Elasticsearch instance is also supported. Note that only a limited, high-value subset of the data received by the Snare Central Server will be forwarded to the destination server.

[Image: Threat Intelligence Delivery disabled]


Enabling SATI delivery will display an overview of the currently enabled forwarding filters.

[Image: Threat Intelligence Delivery enabled]

The Snare Server can be configured to log to a local elastic instance (which is installed and available as part of version 7.4 of the Snare Central server), or can be configured to log to a remote elastic instance. If the remote elastic instance is protected by either X-Pack or ElasticShield from InterSect Alliance, HTTPS/TLS and authentication can be activated.


Note: More Details

The events that are forwarded to the Threat Intelligence instance, or a remote elastic server, are governed by the configuration file /data/Snare/ConfigSettings/RealTime.config on the Snare server. This file is not intended to be user-editable at this stage, since it ties directly in with the available dashboard capabilities of the Threat Intelligence server.

Event collection rates may be significantly impacted when this feature is active. Elasticsearch ingest rates are significantly lower than those supported by the Snare Central Server on similar hardware. When this feature is activated, the potential Snare Server collection rates will be governed by the Elasticsearch bulk upload capabilities. In general terms, there may be one or two orders of magnitude difference between Snare Central Server collection rates and Elasticsearch ingest capabilities.

Warning: Activating the Threat Intelligence configuration, without installing the corresponding Threat Intelligence module to manage the generated data, will mean that your Snare Central Server will store significantly more data per received event, without being able to remove the associated data from the file-system via the Snare Central Server user interface.


Support Data Retrieval

To help the Snare Support team diagnose issues, diagnostic information can be gathered with this tool. Selecting Generate creates a compressed, encrypted tar file containing the output of some diagnostic commands and a few Snare and system configuration files. The tar file takes several minutes to generate; you can then select it and download it from the server, to be forwarded to support when required.

If the resulting tar file is bigger than 10MB, the file will be separated into 10MB chunks for sending purposes (via email, FTP, etc.) to be reassembled by the support team.

Once a file has been downloaded, the support file will be deleted from the server. No original data will be deleted.

Another support data file can be generated only once all existing files have been downloaded. If you need to run Support Data again, you must first download all existing files, including any 10MB files.

User Administration

It is recommended that a number of users be created after Snare Central has been installed, so that:

...