Arbitrary Data Import
The Snare Central can attempt to import arbitrary log data that is text-based, and uses newline (or newline/carriage-return) characters to mark the boundary between different lines. Logs of this format will be imported to either the 'GenericLog' or 'GenericSyslog' data sources, with dates either derived from the uploaded data (if available), or specified within the import form.
Choose up to 9 files to import at once.
| Info |
|---|
|
Snare Data Import
Data that has been exported to optical, or USB media, can be called back into the Snare Central for forensics analysis by this objective.
Alternatively, in situations where a Snare Agent has been configured to log to a local file, rather than, or in addition to, sending log data directly back to a Snare Central for analysis, such files can be uploaded to the Snare Central from this interface , by selecting the 'Upload Snare Agent exports' button.
...
- Field laptops that are not generally connected to the local organisation organisational network, or are connected to demilitarized 'safe zones'.
- Systems that have been taken offline due to virus contamination, where forensic analysis of log data may help reveal the infection source.
...