This document is designed to assist a systems/security administrator to use the Snare Reflector for Windows.
The Snare Reflector is capable of reflecting incoming events to a Snare Server, or third party SIEM server or collector. The Reflector supports a range of target formats including, but not limited to:
Snare
Syslog RFC 3164
Syslog RFC 5424
QRadar
Envision
TLS encryption is available, if the destination server supports it.
The Snare Reflector is capable of filtering events on a per destination basis. It may convert data from one format to another, and can modify the event information on the fly to suit your target SIEM server or syslog destination.