The Snare Server is a log collection, analysis, reporting, forensics, and storage appliance that helps you meet departmental, organisational, industry, and national security requirements and regulations relating to log and event data. It integrates closely with the industry standard Snare agents to provide a cohesive, end-to-end solution for your log-related security requirements.

The Snare Server, as shown in Figure 13, collects events and logs from a variety of operating systems, applications and appliances including, but not limited to: Windows (NT through 2012) workstations and servers, Linux, Solaris, AIX, Irix, OSX, Tru64, ACF2, RACF, CISCO Routers, CISCO PIX Firewall, CyberGuard Firewall, Checkpoint Firewall1, Gauntlet Firewall, Netgear Firewall, IPTables Firewall, Microsoft ISA Server, Microsoft IIS Server, Lotus Notes, Microsoft Proxy Server, Apache, Squid, Snort Network Intrusion Detection Sensors, IBM SOCKS Server, and Generic Syslog Data of any variety.

Figure 13 Welcome to the Snare Server


Some of the key features of the Snare Server include:

  • Ability to collect any arbitrary log data, either via UDP or TCP
  • Secure, encrypted channel for log data using TLS/SSL or 3DES
  • Proven technology that works seamlessly with the Snare agents
  • Snare reflector technology that allows for all collected events to be sent, in real time, to a standby/backup Snare Server, or to a third party collection system
  • Ability to continuously collect and store large numbers of events. Snare Server collection rates exceed 30,000 events per second using low-end server hardware, or nearly one trillion events per year.
  • Ability to drill down from top level reports. This reduces the amount of data "clutter" and allows a system administrator to fine tune the reporting objectives.
  • Ability to 'clone' existing objectives in order to significantly tailor the reporting criteria. These reports, along with all Snare Server objectives, may be scheduled and emailed to designated staff. The Snare Server uses extensive discriminators for each objective, allowing system administrators to finely tune reporting based on inclusion or exclusion of a wide variety of parameters.
  • A query-builder interface gives you the power to create specifically tailored reports, with search criteria that meet your security requirements, and output formats that suit the needs of your data owners.
  • Very simple download and installation
  • Flexibility when dealing with unique customer requirements
  • A strategic focus on low end hardware means that Snare can achieve outstanding results with minimal hardware cost outlay
  • Snare gives you useful data, out of the box, with default objectives tuned for common organisational needs
  • Ability to manage Enterprise Agents
  • Both major and minor Snare Server versions and upgrades are included as part of an annual maintenance fee.


The Snare Server is an appliance solution that comes packaged with a hardened, minimal version of the Linux operating system to provide baseline computing functionality, which means you do not need to purchase additional operating system licenses or database licenses, or install additional applications, in order to get up and running. Like your Android phone or your home router, any operating-system level management and maintenance is either automated or available within the web-based interface.

For further information on the Snare Server refer to the Snare Server User Guide on the Intersect Alliance website.