Release Notes for Snare MSSQL Agent v5.3.3

Enhancements and Updates

• OpenSSL upgraded to v1.1.1
• Agent's Web GUI Destination Configuration page has a new section Event Optionsallowing to define additional data to be appended to each event generated by the Agent
• Event checksum option can now be enabled or disabled from Agent's Web GUI, via Destination Configuration > Event Options > Append Checksum to Events
• New optional field EventSourceIDcan be appended to all events generated by the Agent. The value of this field can be configured via Destination Configuration > Event Options > Event Source ID, by either setting a free text value, or defining Windows Registry location to fetch the value from. All events will be tagged when this option is selected as a method of adding additional meta data to the event so it is known to come from a specific system. This extra data is added to the Snare and Syslog log formats, including RFC 3164 and RFC 5424
• New Snare Logpage was added to Web UI, aiming to assist in real-time troubleshooting of Snare Agent operations.  The page displays critical errors and up to 1,000 most recent Agent log messages.  Logging Level can be set via Heartbeat & Agent Log 
• Applied pre-verification of certificate in strict certificate checking for SAM and network destinations
• Added additional SQL log data for LEEF format
• Added additional SQL log data for CEF format
• Corrected SQL Server instance name validation to accept between 1-16 characters
• Resolved the issue causing the UTC time to be shown incorrectly in MSSQL event
• Various bug fixes

User Guide

The following is an offline version of the User Guide related to this release.

For an up-to-date version refer to the online version here.