This document is designed to help a systems or security administrator use the Snare Reflector for Windows.
The Snare Reflector can 'reflect' incoming events to a Snare Server, or to a third-party SIEM server or collector. The Reflector supports a range of target formats including, but not limited to, "Snare", "Syslog RFC 3164", "Syslog RFC 5424", "QRadar", and "Envision". TLS encryption is available if the destination server supports it.
The Snare Reflector can filter events on a per-destination basis. It may convert data from one format to another, and can modify the event information on the fly to suit your target SIEM server or syslog destination.