Release Notes for Snare Linux Agent v5.3.0

Snare Linux Agent v5.3.0 was released on 19th June 2019.

New Features

  • TLS Authentication. The Snare agents now support authentication over TLS, so logs can be sent to the Snare Collector/Reflector over a secured and authenticated connection. New agent configuration settings define an authorization key, which is set on the Snare Agent and also in the Snare Collector/Reflector. The key negotiation takes place over TLS using the Diffie-Hellman algorithm, so the full key is never sent over the network. This establishes mutual trust between the Snare Agent and the Collector, allowing secure connections for sending and receiving log data over untrusted networks such as the Internet. The TLS AUTH feature uses a new TCP port, 6164, in the Collector configuration. The Collector refuses and drops connections from systems that do not authenticate. Customers can use this option to receive log data from the Snare Agents of mobile users while they are connected to the Internet, rather than relying on the user to VPN into the corporate network before the log data can be received.

Enhancements

  • The EPS rate shown on the latest events page now displays the full integer value rather than scientific notation when the value is larger than 999.

Bug Fixes

  • Prevented the agent from crashing during a FIM scan when the modified file identified by the scan had corrupted details (i.e. file owner).
  • Resolved an issue where the default protocol and log format configuration values were not properly validated, potentially causing a crash when the Snare service starts or restarts.