Release Notes for Snare macOS Agent v5.3.3

Enhancements and Updates

• OpenSSL upgraded to v1.1.1
• CPU Usage optimization for macOS Agent
• Allowing enabling and disabling of event checksum option from Agent's Web GUI, via Destination Configuration > Event Options > Append Checksum to Events
• If Event Checksumis enabled, it is appended at the end of the events in the standard optional field format: "EventChecksum=<checksum>"
• If Event Checksum is enabled in the configuration, the Agent will append the checksum to all events written to a file destination. In previous versions, event checksum was only appended to the events sent to network destinations
• New optional field EventSourceIDcan be appended to all events generated by macOS agent. The value of this field can be configured as free text (Destination Configuration > Event Options > Event Source ID). All events will be tagged when this option is selected as a method of adding additional meta data to the event so it is known to come from a specific system. This extra data is added to the Snare and Syslog log formats, including RFC 3164 and RFC 5424
• New Snare Logpage was added to Web UI, aiming to assist in real-time troubleshooting of Snare Agent operations.  The page displays critical errors and up to 1,000 most recent Agent log messages.  Logging Level can be set via Heartbeat & Agent Log
• A new log type DHCP Log is added for Audit Log
• Extended support for LEEF format for Logaudit and FIM
• The End User License Agreement page of the installer was modified. Users will now get a link to read the EULA from snaresolutions website
• Updated the installer todisplay the link to the online Release Notes, rather than listing Version History. Fixed strict certificate checking in macOS Agent
• Fixed an issue with Web UI Https certificates loading in macOS Agent
• Added Day of Week support in the cron format used for scheduling FIM objectives. Note: Restricting both date and day of week is not supported
• Various bug fixes