Release Notes for Snare Central v7.5.0

New Features

• SAM within Snare Central now supports Centralized Agent Upgrades, also known as binary distribution. This feature provides the ability to centrally manage upgrades of agents from version v5.1.0 onwards. This reduces the amount of manual administration that is required in order to maintain Snare Agents for security compliance. This feature allows upgrades to a newer after the v5.1.0 agent version. The installed agent must be at least v5.1.0. See User Guide for prerequisites and instructions. Presently only the Snare Enterprise Agent for Windows and Desktop is supported for binary distribution feature; Epilog, MSSQL, macOS, Linux and WEC agent don’t have this feature at this time
• Pattern maps data can now be exported in CSV format

Enhancements

• Windows failed login identification has been modified to be more flexible in identifying user SID information

• Windows-related event definitions now include update SourceType/Return/User fields

• The ability to manually start and stop the ElasticSearch service has been added to the threat intelligence configuration page

• The Snare Central malware domains list has been switched to use a combination of up-to-date resources

• Criticality colours in Generic log objectives, have been updated to be easier to read

• A new NAS protocol version input has been added to the disk manager

• The Snare Realtime configuration, which pushes logs to the threat intelligence component, has been expanded to include other remaining log types that Snare Central supports to cover all Snare Central known network devices

Bug Fixes

• Various bug fixes and updates
• The event ID field for CISCO ASA events will now be extracted correctly.

Operating System Updates