Release Notes for Snare Windows Agent v5.1.1

Snare Windows Agent v5.1.1 was released on 11th July 2018.

Security Updates

  • Maintenance update for OpenSSL to patch to OpenSSL-1.0.2o.
  • Resolved issues with the agents using TLS syslog to connect to servers with TLS 1.1 and 1.2 not negotiating correctly.  The agent will now correctly negotiate up to TLS 1.2.

Bug Fixes

  • There was an issue with the 'Use Host IP' installer option. Due to this issue if this option was selected during installation then it is ignored. Consequently, all the events are associated with hostname instead of Host IP. This issue is fixed in this release and now this installer option works correctly. Please note that if this option is selected during installation then the first available static IP of the machine is selected as host IP. If there is not a static IP then any first available IP is used as that host IP for syslog messages.
  • Fixed an issue where UTC was being appended to local time when displaying events in the latest events page.
  • This change affects warning message for license support expiry. This change updated the warning that can appear in the top right corner of the agent web UI where the message "No further events will be logged to the specified destination."  will no longer be displayed if license support expires.
  • Updated the agent to use the time the event was generated on the Latest Events Web UI page. Previously it was reporting the sent date/time.
  • FIM configuration page has been changed so that when user selects Custom value from Schedule DDL then the custom text field would be Null instead of 'Midnight'.
  • This change modifies the message from the FIM driver if network destinations are down. Earlier the message showed FIM driver was not running, in fact the driver is running but just not receiving any events as destinations are down. This change modifies the message to a more meaningful description.
  • This change modifies the licensing status on the Agent page if a license is expired or support is expired when there are multiple licenses. The best license with active support is selected for setting in the agent Web UI.