Info |
---|
FAM and RAM functionality is available starting from Snare Agent for Windows v5.6.0 |
The following three steps must be performed before Snare can capture FAM / RAM events.
1. Enable FAM / RAM Events in Windows Security Policy
Info |
---|
This step is done automatically in Snare Agents v5.7.1 or newer, assuming the following setting in General Configuration is checked: |
Open the Windows Security Policy (from Control Panel / Administrative Tools on the local machine, or via GPO on the Domain Controller) and enable the following settings:
...
It is recommended to enable the following setting in "General Configuration" of the Snare Agent, so that Snare can take care of enabling the auditing on File / Folder / Registry.
The user can also enable this setting manually. To do so, follow these steps:
...