Agent Management Console
The simplest and most effective way to configure the SnareCore service is to use the Snare web-based Remote Control Interface. If remote control is enabled, configuring large numbers of agents can be further simplified by using the Snare Server Agent Management Console. See the User Guide to the Snare Agent Management Console on the Intersect Alliance website.
Group Policy
The configuration of the agents can be managed using Group Policy Objects. As discussed in Appendix B, the Snare Agent policy key is located at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Intersect Alliance\Epilog and uses exactly the same settings and structure as the standard registry location. The agent gives the policy location the highest precedence when loading the configuration (that is, any policy settings will override local settings) and as long as there is a complete set of configuration options between the policy and standard registry locations, the agent will operate as expected.
At the end of each setting, one of the following markers is shown: (SGP), (AGP), (LR), (D). These indicate the source the setting came from and are explained below.
- Super Group Policy (SGP): If different types of Snare agents (Snare for Windows, Snare Epilog, Snare for MSSQL) are running on a network, a super group policy can be applied and all agents will adhere to it. The registry path of the SGP is Software\Policies\InterSect Alliance\Super Group Policy
- Agent Group Policy (AGP): This is the regular group policy applied to all Snare for Windows agents. The registry path is the same as given at the beginning of this section.
- Local Registry (LR): These are the settings assigned to the agent during installation. They apply when neither SGP nor AGP is applied to the agent.
- Default (D): If for any reason the agent cannot read the SGP, AGP or LR registry values, it assigns the default settings, referred to as (D).
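The following PowerShell audit script is an added example, not Intersect Alliance code. It reports which source each effective setting comes from and which lower-precedence values are shadowed, reading the sources in the order listed above. Assumptions: the local (LR) key path is not given in this section, so it is a required parameter; SGP is treated as outranking AGP and as using the same subkey layout as the agent policy key.

```powershell
param(
    # Assumption: the LR key path is not stated in this section (see Appendix B),
    # so the caller supplies it, e.g. -LocalKey 'HKLM:\SOFTWARE\<standard Epilog key>'.
    [Parameter(Mandatory)] [string] $LocalKey,
    [string] $SubKey = 'Config'   # subkey used by the ADM sample on this page
)

# Highest precedence first. The SGP and AGP paths are the ones quoted on this page.
# Assumption: SGP outranks AGP and uses the same subkey layout.
$sources = [ordered]@{
    SGP = 'HKLM:\SOFTWARE\Policies\InterSect Alliance\Super Group Policy'
    AGP = 'HKLM:\SOFTWARE\Policies\Intersect Alliance\Epilog'
    LR  = $LocalKey
}

# Read each source once; a missing key simply contributes no values.
$values = [ordered]@{}
foreach ($tag in $sources.Keys) {
    $path = Join-Path $sources[$tag] $SubKey
    $values[$tag] = @{}
    if (Test-Path -LiteralPath $path) {
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $values[$tag][$name] = $key.GetValue($name)
        }
    }
}

# For every value name seen in any source, report the winner and what it shadows.
$names = @($values.Values | ForEach-Object { $_.PSBase.Keys } | Sort-Object -Unique)
foreach ($name in $names) {
    $holders = @($sources.Keys | Where-Object { $values[$_].ContainsKey($name) })
    $winner  = $holders[0]
    [pscustomobject]@{
        Setting  = "$SubKey\$name"
        Source   = $winner
        Value    = $values[$winner][$name]
        Shadowed = ($holders | Select-Object -Skip 1) -join ','
    }
}

if ($names.Count -eq 0) {
    Write-Warning "No values under '$SubKey' in SGP, AGP or LR; the agent would fall back to defaults (D)."
}
```

A setting whose Source is LR on a host that should be policy-managed means no policy value is overriding the local registry for that setting.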
Below is a sample of an Administrative Template (ADM) file that can be loaded into a Group Policy Object to assist with selecting and setting configuration options.
CLASS MACHINE
CATEGORY !!"InterSect Alliance Snare Epilog Settings"
#if version >= 4
EXPLAIN !! "Contains examples of different policy types.\n\nShould display policy settings the same as \nADMX File - Example Policy settings category."
#endif
CATEGORY !!"Config"
;sets policy under "Software\Policies\InterSect Alliance\Epilog\Config"
POLICY !!"Override detected DNS Name"
#if version >= 4
SUPPORTED !!"This setting works with all agents"
#endif
EXPLAIN !!"This setting specifies the Hostname of the client.\n\n Must be not more than 100 chars, otherwise will be truncated."
KEYNAME "Software\Policies\InterSect Alliance\Epilog\Config"
PART !!"Override detected DNS Name with:" EDITTEXT EXPANDABLETEXT
VALUENAME "Clientname"
END PART
END POLICY
END CATEGORY;CONFIG_CATEGORY