Snare Agent Manager
This capability is available starting from Snare Enterprise Agents v5.8.0 and Snare Agent Manager (SAM) v2.0.0.
Starting from version 5.8.0 Snare Agent has the ability to pull configuration and policy updates from Snare Agent Manager (SAM).
This functionality replaces previous pushing configuration method to Snare Agents via Snare Central component Agent Management Console (AMC).
Recommendation
Customers who use AMC to push configuration to the Agents, are encouraged to migrate to this new mechanism where Agent policies are defined in SAM, and Agents pull policy updates from SAM.
This new mechanism is more secure and provides ability to manage Agents configuration without having web access enabled on every managed endpoint.
Please see Agents Policies Management for details.
Starting from Agents v5.8.0 and SAM v2.0.0, Agent Management Console (AMC) in Snare Central is deprecated in favor of Snare Agent Manager (SAM) and AMC will be removed in a future release. Refer to the AMC to SAM migration guide.
SAM allows to define Agent groups, load and update master configuration, and provide it to the relevant Agents. Please see Release Notes of SAM v2.0.0 and the User Guide for more details.
Snare Agent that has its policy managed by SAM will indicate this on the ‘Agent Status page’, under Managed Configuration Status. All the settings that are managed by the Snare Agent Manager are read-only, marked Remote as shown following:
These remote configs are called Master Configuration that agent pulls from Snare Agent Manager (SAM). See the SAM documentation on how to create the master configuration.
Some agent configuration are strictly local and cannot be assigned from master configuration. These settings include Override Hostname, Select the specific Network Adapter, Client Name and upgrade path. These settings are always shown as LR.
Exporting Agent Configuration as JSON
Follow these instruction to export the agent configuration as JSON:
Open an admin console
Run the following command:
(Audit v3+ platforms)
sudo /usr/sbin/SnareAgentPlugin -j settings.json
(Audit v2 platforms)
sudo /usr/sbin/SnareDispatchHelper -j settings.json
The loaded settings of the agent will be exported in settings.json file. This settings.json can be used as master configuration in SAM.
Following is the list of Unix distributions that use Audit v3+
SUSE version 15+
Ubuntu version 22+
Debian version 11+
RedHat version 8+
Oracle version 8+
Alma version 8+
Rest all Unix distributions use Audit v2