Table of Contents |
---|
...
In order to plot log data accurately on geographical maps, for example on Cyber Network Map page, it may be necessary to explicitly map internal network IP addresses and hostnames to their geographic locations.
- Use either of the following options available in the drop-down list:
- IP Address - enter a single IP address
- IP Range - enter From and To IP addresses to define a range
- IP Wildcard - enter IP address with one of the fields as a wildcard (asterisk *), for example, 10.10.10.*
- IP Netmask - enter IP Address and a Netmask
- CIDR Block - enter IP address and a CIDR
- Hostname - enter a single hostname
- Hostname Regex - enter a regular expression for hostnames to match
- Choose geographic location from auto suggestion list by entering at least first three characters of city/state/province/country in the location field.
- Click Click to add the mapping. The new mapping will appear in the list on the same page.
- Add as many mappings as required
- Click Click at the top of the page to restart the collection service and apply the changes.
Each mapping in the list can be edited or deleted using action buttons:
Display the Snare Central Log Files
...
Please note that changes to the Snare system produced by a Snare Central upgrade will be detected and reported on, as this will include many system files as well as the Snare application components. If you see changes occurring in the operating system and application that were not the result of a patch or manual user intervention, then they should be investigated as part of your corporate incident management process.
IP Address Configuration
...
This objective provides summary information on current objective scheduling, target email addresses, and access controls. A link to each objective also enables you to modify the associated configuration settings.
Manage Plugins
The team at InterSect Alliance provide development services for customers, such as creating Snare Central objectives that meet specific organisational requirements. We release these customisations as 'Snare Central Plugins', which can be installed using the normal 'Snare Central Update' capability, and can be turned on/off using the 'Manage Plugins' objective."
My Account
Your Snare Central password can be changed in this objective. Last login date/time information is also available.
...
Threat Intelligence Configuration
Snare Server 8.0+ includes an updated collection infrastructure, which is capable of interfacing with the new Snare Advanced Threat Intelligence (SATI) module. Enabling the threat intelligence capability on the Snare Central Server will facilitate delivery of selected important events, up to an infrastructure which is capable of providing enhanced dashboards and log intelligence.
Delivery of data to a non-local elasticsearch instance is also supported. Currently all log types that Snare Central receives will be forwarded to the destination server.the list of log types are as follows:
...
Enabling SATI delivery will display an overview of the currently enabled forwarding filters.
...
...
Delivery of data to a non-local elasticsearch instance is also supported. The Snare Server can be configured to log to a local elastic instance (which is installed and available as part of version 8.0 of the Snare Central server), or can be configured to log to a remote elastic instance. If the remote elastic instance is protected by either X-Pack or ElasticShield from InterSect Alliance, HTTPS/TLS and authentication can be activated.
...
The configuration will enforce the password policy rules for the following operating system accounts root, snare and snarexfer. For additional information on the values of each setting refer to the manual pages for pam.d and pam_cracklib.