Page Comparison

Tip
Snare Windows Agent v5.8.1 was released on xx 19th June , 2024.

Warning

Since v5.8.0, upgrading Snare Agent from versions earlier than 5.4.0 for Agents that had password enabled is not supported.

Customers who need to upgrade the Agent from pre-5.4.0 version, are advised to perform a two-step upgrade:

Security Updates

Allow Agent service to start up and display Web UI with the relevant error message when the Agent is running with permissions insufficient for audit logs collection SA-4228, SA-4229collection
Removed registry values that are no longer in use from the 'Remote' registry key. SA-4326
Preventative code maintenance SA-3564maintenance

Fixed handling of remotely-configured SNARE V2 and JSON formats. These formats are now properly applied to outgoing events after configuration update is obtained from SAM. SA-4334 Related to Support Case SSUP-1007 / SSD-1718
Fixed scenario where log audit, FIM and RIM policies could not be completely removed via remote configuration managed by SAM. SA-4339 Related to Support Case SSUP-1018 / SSD-1773
Fixed a crash that could occur when sending a Microsoft windows CAPI2 event in Snare v2 or JSON formats
Fixed handling of duplicated data fields in Windows events sent in Snare v2 or JSON formats
Fix for issue where invalid event data could result in Agent being stuck attempting to process such event. SA-4087.
Improved validation of 'Event ID Match' input in Audit Policy. SA-4214 Related to Support Case SSUP-885 / SSD-1281
Removed misleading erroneous Error logged after reading last Advanced Audit policy SA-4279 Related to Support Case SSUP-951 / SSD-1449policy
Fixed license file names listed on the 'Select a License' page of the installer. If the file name contained parentheses, only the text in parentheses was displayed. SA-4283
Fixed spelling mistakes in labels on the Advanced Audit and FAM policy configuration pages. SA-4244, SA-4298

The following is an offline version of the User Guide related to this release.

...