Release Notes for Snare Epilog Agent v5.6.0
Snare Epilog Agent v5.6.0 was released on 25th May 2022.
(Note: May be purchased separately or as a combined Windows/Epilog agent)
Security Updates
- Removed MD5 and SHA1 hashes from the release metafiles. Only SHA512 (SHA-2 family) is now used to verify the integrity of binary files
- 3rd party libraries upgraded:
  - OpenSSL upgraded to version 1.1.1m
  - curl upgraded to version 7.79.1
New Features and Enhancements
- A new checkbox setting was added on the Agent's Access Configuration page that allows TLS 1.2 to be disabled so that TLS 1.3 is the minimum version for web UI connections
- The name of the self-signed certificate generated by the Agent by default was changed from the host name to "Snare Agent"
- The Snare debug log (sometimes required for troubleshooting by Snare Support) can now be generated from the Web UI without stopping the Agent.
  Navigate to the Snare Log page in the Agent's Web UI, configure the output directory and the duration of debug log capture, and click Start Debug Log.
  The Stop Debug Log button stops logging before the configured time has elapsed.
- Memory usage optimisation for Heartbeat log handling when 'Agent Logging Options' is set to Trace level and 'Agent Heartbeat Frequency' is set to a longer period
- A warning is now displayed on the Destination Configuration page when sending to a Snare destination using the TLS_AUTH protocol without having changed the default TLS_AUTH Authentication Key
Bug Fixes
- The Agent will now attempt to reuse the existing self-signed certificate instead of creating a new one every time remote configuration is pushed from Snare Central AMC
- Cached Events will now be sent as their correct event types, and not as the generic CachedEvent type
- Improved robustness when using the IP address in events: the Agent now retries multiple times when the system has yet to get a valid IP address
- Fixed the issue where HeartBeat events had empty JSON content, when sent to a destination in SNARE V2 or SYSLOG JSON format
- Cache Path and Heartbeat Output Path are set to the installation folder by default
- Agent now properly handles paths containing \n inside the event content
- Heartbeat event checksum option is now written to the heartbeat export file if enabled
- Updated file path traversal to be more robust on a variety of platforms
- Removed duplicated warning messages on the Destination Configuration page, improved message format consistency
- Removed irrelevant warning that was shown when destination was configured with port 514 and SYSLOG JSON format
- Fixed the issue where an error occurred when users accidentally entered space(s) in the Destination and/or SAM IP address
- Corrected the misleading message for expired license support
- Removed the erroneous error message that was logged every time collection from a text file reached end of file
- Reduced severity of the erroneous error "CN is not found for certificate" to an informational message
- Resolved issue where logs displayed on Snare Log page might be filtered incorrectly