Data Restore v8.0.0

Arbitrary Data Import

Snare Central can attempt to import arbitrary log data that is text-based, and uses newline (or newline/carriage-return) characters to mark the boundary between different lines. Logs of this format will be imported to either the 'GenericLog' or 'GenericSyslog' data sources, with dates either derived from the uploaded data (if available), or specified within the import form.

Choose up to 9 files to import at once.

Snare Data Import

Data that has been exported to optical, or USB media, can be called back into Snare Central for forensics analysis by this objective.

Alternatively, in situations where a Snare Agent has been configured to log to a local file, rather than, or in addition to, sending log data directly back to a Snare Central for analysis, such files can be uploaded to Snare Central from this interface by selecting the 'Upload Snare Agent exports' button.

Examples of situations where this option is of benefit are:

• Field laptops that are not generally connected to the local organisational network, or are connected to demilitarized 'safe zones'.
• Systems that have been taken offline due to virus contamination, where forensic analysis of log data may help reveal the infection source.

Log data uploaded via the 'Upload Snare Agent exports' capability can be added file-by-file using an upload form, or alternatively, logs can be zipped together, and uploaded as a single file.