Snare Linux Agent v5.7.0 was released on 25th January 2023.
Security Updates
- 3rd party libraries upgraded:
- OpenSSL upgraded to version 3.0.7
- Boost upgraded to version 1.79.0
- Event Checksum, appended to events if enabled, was changed from MD5 to SHA3-512 hash
Customers, who have event checksum enabled, may need to adjust their event integrity validation tools to use SHA3-512 instead of MD5.
New Features and Enhancements
- Snare Enterprise Agent for Linux for Ubuntu 22.04 is now available
- Snare Enterprise Agent for Linux for Debian 11 is now available
- Snare Enterprise Agent for Linux for Red Hat Enterprise Linux version 9.0 (RHEL 9.0) is now available
- Improved LEEF output format for Linux audit events (added cat, devTimeFormat, devTime and usrname fields)
- Self-signed certificates generated by Snare Agent on demand will now be named "Snare Agent"
- More detailed debug logging for when Snare Service receives a signal from OS
Bug Fixes
- Agent now correctly parses Linux audit events which contain unquoted partial fields within audit records
- Fixed validation of a0,a1,a2,a3 field values as text instead of numeric