Release Notes for Snare Central v7.1.2

New Features

• The Agent Management Console (AMC) now generates CSV attachments on regeneration, displaying the list of agents available, and their associated flags.
• Additional v5 Snare agents have been added to the AMC configuration screen drop down menu in preparation for the newer agents becoming available in the near future. The AMC will now support the following additional v5 agents for push configurations - Solaris, Solaris Epilog, Linux Epilog, OSX, and OSX Epilog.

Enhancements

• The maximum file size limit when uploading a Snare Server Update via the Web Upload form has been increased from 500M to 1.5G. This is necessary for future upgrades.

• The Snare Server syslog collection service now supports the Palo Alto firewall log format. Additional validation steps have also been included in the syslog collection service to better exclude false positive hostnames.  The syslog collection has also resolved some collection issues with Cisco switches that send syslog messages in non RFC compliant formats.

• Snare Server now supports Stronger cipher encryption. The wording in the 7.1.1 patch was incorrect and should read as follows:  "This setting will disable support for SSLv2.0, SSLv3.0, TLS1.0 and TLS v1.1 for Apache, only allowing TLSv1.2 for https to work with a web browser."

Bug Fixes

• Regardless of their configured schedule, objectives were scheduled to run every hour as a background task, with restricted date/time match criteria. This served to update the Snare Server "query cache" for each objective. For systems with a small number of scheduled objectives, this served to spread the load of scanning the underlying data store across the day, rather than consolidating it in one larger cluster, at the officially scheduled time. However, for customers with a larger number of scheduled objectives, the "CacheUpdate" functionality would actually have a net-negative affect on performance, due to the startup/shutdown overhead associated with each cache update run. This update disables the CacheUpdate functionality now by default.
• Drill-down from the first "pattern map" report associated with each objective, was blocked in version 7.1.1. This is now resolved.
• The date and times for some Snare log lines (as can be seen in System : Display the Snare Log File) were being recorded with different time zones.
• Snare Server 7.1.1 introduced the capability to use authentication when connecting to the target email server.  In some installs where the configuration values for this particular setting has been skipped as part of the initial configuration wizard run, authentication would be turned "on" by default, whilst appearing to be "off".  This update corrects the default setting.
• The AMC UI links to version 5 agents were showing incorrect agent port information.  This is now resolved.
• The AMC is now correctly pushing updates to the new v5 agents.
• Fixed issues relating to double closing of SSL sockets causing SnareCollector to terminate unexpectedly.