...
Agent Management Console
The most effective and simplest way to configure the SnareCore Epilog service is to use the Snare web-based Remote Control Interface. If remote control is enabled, the process of configuring large numbers of agents can be further simplified by taking advantage of the Snare Server Agent Management Console. See the User Guide to the Snare Agent Management Console on the Intersect Alliance website.
...
Group Policy
The configuration of the agents can be managed using Group Policy Objects. As discussed in Appendix B, the Snare Agent policy key is located at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Intersect Alliance\Epilog and uses exactly the same settings and structure as the standard registry location. The agent gives the policy location the highest precedence when loading the configuration (that is, any policy settings will override local settings) and as long as there is a complete set of configuration options between the policy and standard registry locations, the agent will operate as expected. In
At the end of each setting on the configuration pages, one of the following markers may be displayed: (SGP), (AGP), (LR), (D). These indicate the source from which the setting came, as explained below:
- Super Group Policy (SGP): If different types of Snare agents (Snare for Windows, Snare Epilog for Windows, Snare for MSSQL) are running on a network, then a super group policy can be applied and all the agents will adhere to this policy. The registry path of SGP is SOFTWARE\Policies\InterSect Alliance\Super Group Policy.
- Agent Group Policy (AGP): This is the regular group policy applied to all Snare Epilog agents. The registry path is SOFTWARE\Policies\Intersect Alliance\Epilog.
- Local Registry (LR): This is the setting assigned to the agent during installation and applied to the agent when neither SGP nor AGP is applied to the agent.
- Default (D): If for any reason the agent cannot read any of the SGP, AGP or LR registry values, it assigns the default settings, referred to as (D).
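The source markers above can be cross-checked on a host by reading each registry location in turn. The following PowerShell script is an added example, not part of the Snare documentation or product. It assumes that SGP is consulted before AGP, that the SGP key uses the same subkey layout as the agent key, and that the standard registry location (described in Appendix B, not shown here) is supplied through the hypothetical -LocalRoot parameter.

```powershell
# Added example (not vendor code): report where an Epilog setting is defined
# and which source would win under the SGP > AGP > LR > D order.
param(
    # ASSUMPTION: standard (non-policy) key from Appendix B, e.g. passed as 'HKLM:\SOFTWARE\...'
    [Parameter(Mandatory)][string]$LocalRoot,
    [string]$SubKey    = 'Config',      # subkey used by the ADM sample on this page
    [string]$ValueName = 'Clientname'   # value used by the ADM sample on this page
)

# Policy paths as given on this page. ASSUMPTION: SGP mirrors the agent key layout.
$sources = [ordered]@{
    SGP = 'HKLM:\SOFTWARE\Policies\InterSect Alliance\Super Group Policy'
    AGP = 'HKLM:\SOFTWARE\Policies\Intersect Alliance\Epilog'
    LR  = $LocalRoot
}

function Get-EpilogSettingSource {
    param(
        [System.Collections.IDictionary]$Sources,
        [string]$SubKey,
        [string]$ValueName
    )
    $winner = $null
    $rows = foreach ($tag in $Sources.Keys) {
        $path = '{0}\{1}' -f $Sources[$tag], $SubKey
        # A missing key or a missing value both come back as $null here.
        $item = Get-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction SilentlyContinue
        $present = $null -ne $item
        $value = $null
        if ($present) { $value = $item.$ValueName }
        # The first source that defines the value is the effective one.
        if ($present -and -not $winner) { $winner = $tag }
        [pscustomobject]@{ Source = $tag; Path = $path; Present = $present; Value = $value }
    }
    if (-not $winner) {
        $winner = 'D'
        Write-Warning "$SubKey\$ValueName not found in SGP, AGP or LR; agent default (D) applies."
    }
    # Flag the winning row so values shadowed by a policy key are easy to spot.
    $rows | Select-Object *, @{ n = 'Effective'; e = { $_.Source -eq $winner } }
}

Get-EpilogSettingSource -Sources $sources -SubKey $SubKey -ValueName $ValueName |
    Format-Table -AutoSize
```

A row with Present set to True but Effective set to False is a value overridden by a higher-precedence source, which is worth reviewing when a local change does not take effect or a policy key appears on a host that should not have one.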
Below is a sample of an Administrative Template (ADM) file that can be loaded into a Group Policy Object to assist with selecting and setting configuration options.
CLASS MACHINE
CATEGORY !!"InterSect Alliance Snare Epilog Settings"
#if version >= 4
EXPLAIN !! "Contains examples of different policy types.\n\nShould display policy settings the same as \nADMX File - Example Policy settings category."
#endif
CATEGORY !!"Config"
;sets policy under "Software\Policies\InterSect Alliance\Epilog\Config"
POLICY !!"Override detected DNS Name"
#if version >= 4
SUPPORTED !!"This setting works with all agents"
#endif
EXPLAIN !!"This setting specifies the Hostname of the client.\n\n Must be not more than 100 chars, otherwise will be truncated."
KEYNAME "Software\Policies\InterSect Alliance\Epilog\Config"
PART !!"Override detected DNS Name with:" EDITTEXT EXPANDABLETEXT
VALUENAME "Clientname"
END PART
END POLICY
END CATEGORY;CONFIG_CATEGORY