Welcome to the Snare Wizard
...
- Enable or disable the Basic Snare Firewall, which uses the UFW firewall to configure IPTables. For normal operation of the Snare Central, the firewall should be left enabled; it will only block those ports that do not have an associated snare-related service active.
When the Snare Firewall checkbox is enabled, the currently active firewall rules will be shown in the Active Rules section, and the Backup & Restore section is available. It is possible to make a backup of the current rules and restore them if required.
- Clicking on any active rule will bring up the edit rule form, where you can delete the selected rule or change parameters such as destination port number, transport protocol, policy and origin.
- It is important to note that when adding a new rule, by default ufw will create the same rule for both TCPv4 and TCPv6. However, when deleting a rule, you need to delete the TCPv4 and the TCPv6 rules separately.
- More information on UFW can be found at: https://help.ubuntu.com/community/UFW
- Click on the Next button.
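
The separate-deletion caveat above can be checked from a shell, assuming you have shell access to the host. This is an added example, not part of the Snare documentation or product: it parses `ufw status numbered` output to list a port's rule numbers highest-first and to flag ports that are left with only a v6 rule. The function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `ufw status numbered` output (not from a real host).
# The v4 rule for 6161/tcp was deleted; its v6 twin is still active.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 4] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
[ 5] 6161/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

# rules_for TARGET: numbers of every rule (v4 and v6) whose "To" column is
# TARGET, highest first. ufw renumbers the list after each delete, so
# deleting in descending order keeps the remaining numbers valid.
rules_for() {
    awk -v t="$1" '/^\[/ { sub(/^\[ */, ""); if ($2 == t) print $1 + 0 }' |
        sort -rn | paste -sd' ' -
}

# orphaned_v6: "To" values that have a v6 rule but no v4 rule. These are
# candidates for review (compares the "To" column only, not action or origin).
orphaned_v6() {
    awk '/^\[/ {
             sub(/^\[ */, "")
             if ($3 == "(v6)") v6[$2] = 1; else v4[$2] = 1
         }
         END { for (t in v6) if (!(t in v4)) print t }' | sort
}

# delete_plan TARGET: print (do not run) the delete commands for TARGET.
delete_plan() {
    for n in $(rules_for "$1"); do echo "ufw --force delete $n"; done
}

# Demo on the constructed sample; on a real host pipe in `ufw status numbered`.
echo "v6 rules with no v4 twin: $(sample_status | orphaned_v6)"
sample_status | delete_plan 6161/tcp
```

`delete_plan` only prints the commands, so the plan can be reviewed before anything is removed.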
...
- Enter the Port your Snare Agents are listening on for their remote administration interface. This port will be used by the Agent Management Console to contact your agents. By default the port is 6161.
- Enter the Password set on the remote administration interface of your Snare Agents. It is used by the Agent Management Console, for decrypting encrypted log messages, and for retrieving items such as user and group information from the agents.
- Click on the Next button.
Email Setup
- Enter the DNS Name or IP address of an SMTP email server. If you want to use SMTPS (SMTP over SSL or TLS), you can specify the authentication protocol to use as well as the SMTP Username, SMTP password and SMTP port (587 is the default). Please note that SMTP authentication without encryption is not supported. You can also send a test email; the outcome is presented on screen and sent to the nominated email address.
- If you set the default address to append for your organisation, Snare will add this on to any email addresses specified in the scheduled task settings associated with each objective.
- For instance, if you add 'dni.gov.au' here, you can specify 'fred.bloggs' in a scheduled task email configuration item, rather than 'fred.bloggs@dni.gov.au'.
- Enter the Reply-To address that the Snare Central should use to send emails from.
- This will set any email 'reply to' addresses to this entry. If users hit their 'reply' button on a Snare email, this will be the address that email returns to. It is recommended you configure this to be your IT helpdesk, or a member of your security team.
- Select the preferred email distribution mode
- In general, it is recommended that each objective is configured to send out data independently of other objectives. If 'One email per user will go out..' is selected, there may be a delay of up to 15 minutes after an individual objective completes, before the collection of generated objectives is sent to the destination user.
- If your organisation requires a classification header to be included within the electronic mail messages sent with an objective, add it here.
- You may also choose to prepend, or append, the classification message to the subject line.
- If you are using an older mail client that cannot handle inline HTML formatted mail, the option in the Mail Format section lets you turn HTML content off. Objective output will still be included as an attachment to the electronic mail message.
- Choose whether or not to generate PDF attachments on emails for real-time Alerts.
- Click on the Next button.
...