/
Release Notes for Snare MSSQL Agent v5.4.0

Release Notes for Snare MSSQL Agent v5.4.0

Owned by Andrew Madge
Dec 16, 2020

Snare MSSQL Agent v5.4.0 was released on 16th September 2020.

Security Updates

  • OpenSSL upgraded to version 1.1.1g.
  • SQLite upgraded
  • Hashing the password for Agent Web access using FIPS compliant hashing algorithm (PBKDF2 with HMAC SHA3 512).
  • Replaced the pop up Login form with a Login page for authentication to access Agent Web GUI.
  • To improve the security, only HTTPS protocol is used to access Agent Web GUI.
    The following steps might be needed to access Web GUI in Firefox browser:  https://support.mozilla.org/en-US/kb/Certificate-contains-the-same-serial-number-as-another-certificate.
  • Web Server Protocol setting (HTTP/HTTPS selector) was removed from Access Configuration.  WebHttps key was removed from Windows registry.
  • Updated the Agent to support TLS1.2 as a minimum, added support of TLS 1.3 as per recommendations in the OWASP Broad compatibility list. CHACHA20_POLY1305 cipher is not supported at this stage.

Enhancements

  • For each Objective, user will now be able to set a criticality level for each event format: Snare, Syslog (incl. SYSLOG (RFC3164), SYSLOG Alt (RFC5424 Compatible), SYSLOG (RFC5424) ), CEF, LEEF.

  • Agent installer, uninstaller and binaries are now digitally signed with EV code signing certificate, eliminating unknown publisher warnings.
  • SYSLOG (RFC3164) IEFT standard allows all alphanumeric characters considered the part of TAG. Previously, a fixed TAB was used as TAG terminator. Now to fully comply with SYSLOG (RFC3164) IEFT standard, any non-alphanumeric character can be specified as TAG terminator. To enable this functionality define a custom delimiter, and uncheck "Use TAB as SYSLOG (RFC3164) TAG Terminator" checkbox in the Destination Configuration.
  • Updated snare logo in the installer and in the Agent Web GUI.
  • Updated links in the readme files to point to snaresolutions.com website. Updated links to Knowledge Base.
  • Port 6514 can now be used to send events in Syslog format using TLS protocol to Snare Central 8.3+ or Snare Reflector 2.4+. Warning messages were updated accordingly.

Bug Fixes

  • When installing with a configuration file with a defined web certificate ID the web GUI will no longer silently fail due to not finding the predefined certificate and generate a self-signed certificate instead.
  • Various bug fixes

User Guide

The following is an offline version of the User Guide related to this release.

For an up-to-date version refer to the online version here.