...

V5.1.1

New Features

• As of <INSERT DATE> the Snare windows agent has achieved Veracode VerAfied security compliance to VL4 status. The 5.1.0 version of the Snare Windows agent now meets the Veracode VL4 certification policy criteria.  By using Veracode independent source code static analysis methods  there are no very high, high, or medium security rated vulnerabilities present based on OWASP top 10 and SANS top 25 coding vulnerabilities.  See the following for more information https://www.veracode.com/get-verafied-and-listed

Security Updates

• Maintenance update for OpenSSL to patch to OpenSSL-1.0.2o.
• Updated agents to connect to servers with TLS 1.1 and 1.2.

...

• There was an issue with the 'Use Host IP' installer option. Due to this issue if this option is selected during installation then it is ignored. Consequently, all the events are associated with hostname instead of Host IP. This issue is fixed in this release and now this installer option works fine. It's worthwhile to mention that if this option is selected during installation then the first available static IP of the machine is selected as host IP. If there is not static IP then any first available IP is used has host IP.
• Fixed an issue where UTC was being appended to local time when displaying events in the latest events page.
• This change affects warning message for license support expiry. This change updated the warning where the message "No further events will be logged to the specified destination."  is removed even if license support expires.
• Updated the agent to use the time the event was generated on the Latest Events Web UI page. Previously it was reporting the sent date/time.
• FIM configuration page has been changed so that when user selects Custom value from Schedule DDL then the custom text field would be Null instead of 'Midnight'.
• This change modifies the message from the FIM driver if network destinations are down. Earlier the message showed FIM driver was not running, infact in fact the driver is running but just not receiving any events as destinations are down. This change modifies the message to a more meaningful description.
• This change modifies the licensing status on the Agent page if a license is expired or support is expired when there are multiple licenses. The best license with active support is selected for setting in the agent Web UI.

Other

?

V5.1.0

New Features

• Introducing the File Integrity Monitoring (FIM) module to provide file or directory hash details . The FIM module can be used to scan files/directories and compare against a known baseline of file details including file attributes and hash (sha512) details. Events are generated upon changes to file contents or attributes.  The new screen in the agent allows the user to select a file, directory and recursively scan multiple directories to include or exclude files or directory locations as needed. This new feature will generate a new Snare log type called FIMLog.  For reporting in Snare Central the system will need to be patched to 7.3.0 to understand the new log type, prior to this version it will show up as GenericLog.  As part of this new feature in the agent the Latest Events page in the agent has a new tab " File Integrity"  to show the FIM events.  This new FIM feature is designed to complement the other FIM/FAM file activity event log reporting the agent current has. 
• As of <INSERT DATE> the Snare windows agent has achieved Veracode VerAfied security compliance to VL4 status. The 5.1.0 version of the Snare Windows agent now meets the Veracode VL4 certification policy criteria.  By using Veracode independent source code static analysis methods  there are no very high, high, or medium security rated vulnerabilities present based on OWASP top 10 and SANS top 25 coding vulnerabilities.  See the following for more information https://www.veracode.com/get-verafied-and-listed

...