This page allows to configure access to Snare Agent via web User Interface, as well as establish communication with Snare Agent Manager (SAM).
Web UI can be used for configuring Snare Agent and monitoring its operation.
The following options may be set for remote control operation:
- Restrict remote control of SNARE agent to certain hosts. This feature indicates whether to restrict web access to the Snare Agent to certain machines specified in IP Address allowed to remote control SNARE. This option is also configurable at the time of installation. Enabling this option will make the Snare Agent's web GUI and web APIs accessible from certain IPs only. When disabled, the Agent's web interface is accessible from any machine.
Note: if web access was not enabled during Agent installation, it can be turned on by enabling the correct registry key on the machine on which the Snare Agent is installed. - IP Address allowed to remote control SNARE. Remote control actions may be limited to a given host. This host, entered as an IP address in this field, will only allow remote connections to be effected from the stated IP address. Note that access control based on source IP address is prone to spoofing, and should be considered as a security measure used in conjunction with other countermeasures. Multiple comma-separated IP addresses or FQDNs can be entered.
Password to allow remote control of SNARE. Displays the state of the password e.g. Password is set. If the agent is not remotely configured, the password can be reset using the 'Reset password' button. This is the password required at login.
Password complexity rules
The password must meet the following criteria:Between 10 and 128 characters in length.
Not more than 2 identical characters in a row (e.g. 111 not allowed).
And 3 out of the following 4 complexity rules:
At least 1 uppercase character (A - Z),
At least 1 lowercase character (a - z),
At least 1 digit (0 - 9),
At least 1 special character (e.g. punctuation).Password reset command
If you are ever locked out, the password can be manually reset with use of the password reset command line option. To use, stop the Snare Agent Service, run a console as Administrator, go to the agent installation directory and evoke the agent executable with -p followed by the password:
e.g. SnareCore.exe -p myNewPassword99
Ensure you restart the agent service afterwards.
The installation path depends on the type of Windows Snare Agent installed, as listed below:
Snare Agent: C:\Program Files\Snare\SnareCore.exe
Snare Desktop: C:\Program Files\Snare\SnareDesktop.exe
Snare WEC: C:\Program Files\SnareWEC\SnareWEC.exe- Max number of failed attempts allowed Indicates the number of failed login attempts to be allowed before the agent will be locked. Accepted number of failed login attempts is 3 to 6. Default value is 3.
- Lock timeout (minutes) after max failed attempts Indicates the lock duration in minutes if the agent is locked due to the maximum failed login attempts. Accepted duration (minutes) is 15 to 60. Default value is 15.
- Web Server Port. Normally, a web server operates on port 80. If this is the case, then a user need only type the address into the browser to access the site. If however, a web server is operating on port (say) 6161, then the user needs to type https://mysite.com:6161 to reach the web server. Note the new server port, as it will need to be placed in the URL needed to access the Snare agent.
- Require at least TLS 1.3 for browser connections to Agent Website. When unchecked (default), Snare Agent supports TLS 1.2 and TLS 1.3 for web connections. When checked, TLS 1.2 is explicitly disabled; browsers connecting to the agent website must support at least TLS 1.3 for ssl connections.
- Snare Agent Manager IP. The IP address or FQDN of SAM (or localhost may be used if on same machine). The agent will communicate with SAM via this IP and try to connect.
- Snare Agent Manager Port. The port number of SAM machine the agent will try to connect using IP:Port combination. Default is 6262.
- Snare Agent Manager Authentication Key. It is the secret key that the agent uses for authentication while making the connection with the SAM. The agent will not be able to continue connection with the SAM if this key is invalid. This key is generated by administrators on SAM. On installation of the agent the default key is
DEFAULT_AUTH_KEY__USER_TO_UPDATE
, and this is also the default on SAM in Settings|General.
To save and set the changes to the above settings, and to ensure the audit daemon has received the new configuration perform the following:
- Click on Change Configuration to save any changes to the registry.
- Click on the Apply Configuration & Restart Service menu item.