Snare Windows Agent v5.2.0 was released on 6th November 2018.

New Features

  • Introducing the Registry Integrity Monitoring (RIM) module, designed to periodically scan the registry for changes. The RIM module scans the Windows registry and compares it against a known baseline of registry hash (SHA-512) details. Events are generated upon changes to registry keys, values or attributes. The new screen in the agent allows the user to select a root key, a registry path and multiple sub-keys/values to include in or exclude from the scan as needed. This new feature generates a new Snare log type called FIMLog. For reporting in Snare Central, the system will need to be patched to 7.3.0 to understand the new log type; prior to this version it will show up as GenericLog. As part of this new feature, the Latest Events page in the agent has a new tab, "Registry Integrity", to show the RIM events.
  • Windows Agent now has the functionality of Snare's Epilog application built into it, negating the need to install two programs on your host operating system. The new Log Auditing module contains 100% of the functionality found in the Epilog agent, with events remaining in the same format, thus maintaining backwards compatibility with Snare Central and other third-party SIEM systems. New menu items have been supplied in Windows Agent to allow the configuration of your log file auditing and, if required, the installation process will automatically detect and import any local configuration that may already exist due to a current Epilog installation. Note: installation will not uninstall the Epilog application, so this must be done manually; a warning will be displayed to the user until it has been done.
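
The baseline comparison described for the RIM module above, as an added sketch that is not Snare's code: it hashes registry values with SHA-512, applies include and exclude paths, and reports values that were added, removed or modified (key attributes are not covered). The snapshot layout, function names, event tuples and sample keys are assumptions constructed for illustration and do not reproduce the FIMLog format.

```python
import hashlib

def value_digest(reg_type, data):
    """SHA-512 over value type and data, so a type change also alters the digest."""
    return hashlib.sha512(reg_type.encode() + b"\x00" + data).hexdigest()

def in_scope(key_path, include, exclude):
    """True if key_path is at or below an included key and not at or below an excluded one."""
    p = key_path.lower()  # registry key names are case-insensitive
    def under(prefixes):
        return any(p == x.lower() or p.startswith(x.lower() + "\\") for x in prefixes)
    return under(include) and not under(exclude)

def build_baseline(snapshot, include, exclude):
    """Map (key_path, value_name) -> digest for every in-scope value."""
    return {k: value_digest(*v) for k, v in snapshot.items()
            if in_scope(k[0], include, exclude)}

def compare(baseline, current):
    """Return (change, key_path, value_name) tuples, sorted by key and value name."""
    events = []
    for k in sorted(baseline.keys() | current.keys()):
        if k not in baseline:
            events.append(("added", *k))
        elif k not in current:
            events.append(("removed", *k))
        elif baseline[k] != current[k]:
            events.append(("modified", *k))
    return events

# Constructed sample snapshots (hypothetical keys under one root key):
# {(key_path, value_name): (value_type, raw_data)}
INCLUDE = [r"SOFTWARE\Example"]
EXCLUDE = [r"SOFTWARE\Example\Cache"]
BEFORE = {
    (r"SOFTWARE\Example\Run", "Updater"): ("REG_SZ", b"C:\\Program Files\\Example\\update.exe"),
    (r"SOFTWARE\Example\Policy", "AuditLevel"): ("REG_DWORD", b"\x03\x00\x00\x00"),
    (r"SOFTWARE\Example\Policy", "Legacy"): ("REG_SZ", b"on"),
    (r"SOFTWARE\Example\Cache", "LastSeen"): ("REG_SZ", b"constructed-1"),
}
AFTER = {
    (r"SOFTWARE\Example\Run", "Updater"): ("REG_SZ", b"C:\\Users\\Public\\update.exe"),
    (r"SOFTWARE\Example\Run", "Helper"): ("REG_SZ", b"C:\\Users\\Public\\helper.exe"),
    (r"SOFTWARE\Example\Policy", "AuditLevel"): ("REG_DWORD", b"\x03\x00\x00\x00"),
    (r"SOFTWARE\Example\Cache", "LastSeen"): ("REG_SZ", b"constructed-2"),
}

def scan_events():
    """Baseline the first snapshot, then compare the second against it."""
    return compare(build_baseline(BEFORE, INCLUDE, EXCLUDE),
                   build_baseline(AFTER, INCLUDE, EXCLUDE))
```

The excluded `Cache` key changes between the two snapshots without producing an event, which is the purpose of the exclude list: volatile values are kept out of the baseline so they do not drown out changes that matter.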

...