Release Notes for Snare macOS Agent v5.8.0

Snare macOS Agent v5.8.0 was released on 5th December 2023.

Security Updates

  • Added a configurable limit on failed logins. If this limit is exceeded, the user is locked out for a period of time. The maximum number of failed login attempts and the lock timeout are configurable via Access Configuration.
  • 3rd party libraries upgraded: 
    • OpenSSL upgraded to version 3.1.1
    • Boost upgraded to version 1.81.0
    • SQLite upgraded to version 3.40.1
  • Improved failback certificate lookup logic to consider expiry and issuer, and to reduce the need to re-create the self-signed certificate
  • Added support for big key size tokens for TLS_AUTH connections
  • Replaced usage of MD5 with a stronger hashing algorithm in License Manager
  • To reinforce Agent security, removed the dependency on MD5 hashing during Snare Agent upgrade

    After this change, upgrading Snare Agent from versions earlier than 5.4.0 is not supported for Agents that had a password enabled.

    Customers who need to upgrade the Agent from a pre-5.4.0 version are advised to perform a two-step upgrade:

    • Step 1 - Upgrade from the pre-5.4.0 version to v5.7.0 or 5.7.1
    • Step 2 - Upgrade from v5.7.* to the latest version

New Features and Enhancements

  • Starting from version 5.8.0, Snare Agent has the ability to pull configuration and policy updates from Snare Agent Manager (SAM).
    This functionality replaces the previous method of pushing configuration from AMC (Snare Central component) to Snare Agents.

    Recommendation

    Customers who use AMC to push configuration to the Agents are encouraged to migrate to this new mechanism, where Agent policies are defined in SAM and Agents pull policy updates from SAM.
    This new mechanism is more secure and provides the ability to manage Agent configuration without having web access enabled on every managed endpoint.
    Please see the AMC to SAM Migration Guide for details.

    The existing AMC in Snare Central will be deprecated at a future date yet to be announced.

    Starting from SAM v2.0.0 and Snare Agent 5.8.0, the Agent's configuration and policies can be fully managed in Snare Agent Manager (SAM).
    SAM allows you to define Agent groups, load and update the master configuration, and provide it to the relevant Agents. Please see the Release Notes of SAM v2.0.0 and the User Guide for more details.

  • Added the ability to export Agent Setting in JSON format from the command line, using the -j flag. This JSON file can optionally be used as the master configuration in SAM Agent Policies management.

Bug Fixes

  • Fixed form validation of the custom Agent Heartbeat Frequency field
  • Fixed a possible corner case when determining the certificate name
  • Fixed a possible error when accessing the Access Configuration page
  • Added missing EventLogCounter field to SnareV2 format

User Guide

The following is an offline version of the User Guide related to this release.

For an up-to-date version, refer to the online version here.