Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.



Tip

Snare Windows Agent v5.3.3 was released on xxxth xxx 15th April 2020.

Summary

This release is primarily for customers using TLS_AUTH and EventChecksum features.  It also covers the EULA which is now at the www.snaresolutions.com website.

Enhancements

  • Enabled control of Epilog settings import during installation and through Web UI
  • Added warnings in Web UI if TLS_AUTH protocol is set with the wrong port
  • If Event Checksum is enabled, it is appended at the end of the events in the standard optional field format: "EventChecksum=<checksum>"
  • If Event Checksum is enabled in the configuration, the Agent will append the checksum to all events written to a file destination. In previous versions, event checksum was only appended to the events sent to network destinations
  • The End User License Agreement page of the installer was modified. Users will now get a link to read the EULA from snaresolutions website
  • Updated Readme file to include TLS Auth feature which was released in v5.3.0
  • Updated Readme file to include the link to the Release Notes, rather than listing Version History in the file

Bug Fixes

...

Enhancements and Updates

  • OpenSSL upgraded to v1.1.1. 
  • Allowing enabling and disabling of event checksum option from Agent's Web GUI, via Destination Configuration > Event Options > Append Checksum to Events
  • EventSourceID field that can be appended to all events, can now be configured as free text (Destination Configuration > Event Options > Event Source ID). In previous releases the value of EventSourceID field was fetched from a configurable Windows registry location 
  • New Snare Logpage was added to Web UI, aiming to assist in real-time troubleshooting of Snare Agent operations.  The page displays critical errors and up to 1,000 most recent Agent log messages.  Logging Level can be set via Heartbeat & Agent Log 
  • Added new GUI option under General Settingsto control the enabling of audit events under "Any Event" objective. By default, if user adds "Any Event" objective, the agent will NOT enable any additional events
  • A new log type DHCP Log is added for Audit Log
  • Applied pre-verification of certificate in strict certificate checking for SAM and network destinations
  • Extended support for LEEF format for Logaudit, FIM and RIM
  • Improved validation of Custom schedule for FIM and RIM objectives
  • Added Day of Week support in the cron format used for scheduling FIM and RIM objectives. Note: Restricting both date and day of week is not supported
  • Updated RIM Events in CEF and LEEF formats to display full registry path in the filePath field
  • Various bug fixes

User Guide

The following is an offline version of the User Guide related to this release.

View file
nameWindows v5.3.3 User Guide.pdf
height250

For an up-to-date version refer to the online version here.