Snare Windows Agent v5.8.1 was released on xxx June 2024.
Since v5.8.0, upgrading Snare Agent from versions earlier than 5.4.0 for Agents that had password enabled is not supported.
Customers who need to upgrade the Agent from pre-5.4.0 version, are advised to perform a two-step upgrade:
- Step 1 - Upgrade from pre-5.4.0 version to v5.7.0 or 5.7.1
- Step 2 - Upgrade from v5.7.* to the latest version
Security Updates
- 3rd party libraries upgraded:
- OpenSSL upgraded to version 3.1.5
New Features and Enhancements
- Allow Agent service to start up and display Web UI with the relevant error message when the Agent is running with permissions insufficient for audit logs collection
- Removed registry values that are no longer in use from the 'Remote' registry key
- Preventative code maintenance
Bug Fixes
- Fixed handling of remotely-configured SNARE V2 and JSON formats. These formats are now properly applied to outgoing events after configuration update is obtained from SAM
- Fixed scenario where log audit, FIM and RIM policies could not be completely removed via remote configuration managed by SAM
- Fix for issue where invalid event data could result in Agent being stuck attempting to process such event
- Improved validation of 'Event ID Match' input in Audit Policy
- Removed misleading erroneous Error logged after reading last Advanced Audit policy
- Fixed license file names listed on the 'Select a License' page of the installer. If the file name contained parentheses, only the text in parentheses was displayed
- Fixed spelling mistakes in labels on the Advanced Audit and FAM policy configuration pages
User Guide
The following is an offline version of the User Guide related to this release.
For an up-to-date version refer to the online version here.