Release Notes for Snare Central v8.4.0

Snare Central v8.4.0 was released on 25th August 2021.

Snare Central incorporates the Agent Management Console (AMC), Reflector v3.0.0, Snare Agent Manager (SAM) v1.5.0, and Snare Enterprise Agent for Linux v5.5.0.

If the threat intelligence component is active, version 6.8.7 of ElasticSearch is activated.

Customers who use Snare Central for licensing Snare Agents v5.5.0 or above need to upgrade to Snare Central v8.4.0.

Overview

Snare Central version 8.4.0 introduces several new capabilities including Snare Central configuration backup and restore, consuming events in Snare v2 format, forwarding events in JSON and Syslog RFC5424 JSON formats, ingesting FortiGate and Cisco FTD logs, linking multiple Snare Central servers in a high availability cluster, over 200 additional reports and a number of other enhancements and bug fixes.

Features and Enhancements

  • Ability to configure Snare Central servers to run in a high availability cluster to achieve collection and reflection redundancy.
    For details please refer to the User Guide > Appendix B - Configuring High Availability in Snare Central.

  • Backup and restore has a revamped UI for more granular backup and restore control. Full or partial backup and restore of the Snare Central configuration and archive can be performed, with an easier selection box for components and process flow.
    The supported media includes network storage (NAS), ISO images and USB devices.
    For details please refer to the User Guide > Data Backup and Restore.
    This functionality replaces the previous Data Backup and Snare Data Import pages with all components now under Data Management Tools.

  • Updated SAM to 1.5.0. This release contains SAM 1.5.0 to allow the use of Snare Agents 5.5.0+ where Snare Central is used for Agent licensing and binary updates.

  • Ingest events sent by Snare Agents for Windows, MS SQL, Linux and macOS in the new Snare v2 format from 5.5.0+ agents. Snare v2 format allows sending more detailed events from Snare Enterprise Agents to Snare Central. The events will include time zone context, event time to the millisecond, and a number of additional fields for more granular audit event details.

  • Integrated next generation Snare Collector/Reflector v3.0.0 offering better flexibility and scalability of the Snare Central events collection and processing.
    The updated collector/reflector includes the following capabilities:

    • Integrated full Snare Reflector User Interface (UI) in Snare Central, allowing more granular control over the Reflector configuration.
      Navigating to System > Administrative Tools > Configure Collector/Reflector in the menu opens the Reflector UI in a new browser tab. This replaces the old Reflector configuration page.
      For details, please refer to the User Guide > Configure Collector/Reflector - Before v8.4.5

    • Ability to ingest events sent by Snare Agents for Windows, MS SQL, Linux and macOS in the new Snare v2 format.

      Snare v2 format allows sending more detailed events from Snare Enterprise Agents to Snare Central. 
      The events will include time zone context, event time to the millisecond, and more granular audit event details.

  • Enhanced colour coding of report criticality icons, and added character indicators to better support impaired colour vision. 

  • Events Search enhancements:

    • Ability to export Events Search results into a CSV file

    • Implemented Search History filters, enabling search by text, date range, or query status

    • Implemented Saved Queries filter, enabling search by query, query name or query description

    • Added highlighting of the free text search string in the search results

    • Improved search results pagination by allowing the user to skip to an arbitrary page

    • Ability to skip to top of the search results table to avoid scrolling

    • Ability to clear the selected date in the Date Picker

    • Column selection and resizing are retained when paginating through Search Results

    • Added Timeout and Limit to the query details displayed on the Search History and Saved Queries tabs, when the query row is expanded

    • Auto-scroll to the error message if an error occurs during pagination

    • Associated query result with Saved Query if the query was saved before running search

    • Improved Search Results pagination performance

Security

  • Security hardening of NAS credentials storage

  • Disabled Apache2 status module that was flagged as a security risk

  • When Snare Central debug level is increased, a supplied LDAP password is now masked in Snare logs

  • Ubuntu 18.04 latest patch updates

Bug Fixes

  • Fixed the layout of the System > Administrative Tools > Antivirus Administration page

  • Allowed user to upload virus signature files of up to 200MB in Antivirus Administration without errors

  • Resolved an issue that prevented a full systems antivirus scan from running

  • Resolved an error in real time alerts generation for some event types

  • Fixed System > Launch OpenVAS page that was displaying an error

  • The 'Systems' drop-down for the Snare Events Search will now more accurately reflect the full range of systems that are reporting data to the Snare Central server

  • Fixed functionality of Agent Management > Snare Agents > Retrieve User and Group Information from Windows Servers

  • Historical collection dashboard graph now shows data in UTC time

  • Dashboard is now using a browser default scroll bar style instead of a narrow style

  • Improved handling of missing or corrupt dates in Exchange 2008/2013 events.
    This issue could cause the collection module to terminate and restart, leading to a temporary slow down in event collection.

  • Fixed an issue with Snare Agent Heartbeat events storage that led to Heartbeat events not being found when searching by dates

  • Fixed an issue that prevented mounting a NAS as primary data store via a Disk Manager

  • Resolved an issue with usage of the second password field in the AMC config page when retrieving the Snare Agent master configuration

  • Fixed the criticality value not showing in the Generic Log reports

  • Syslog application names are now correctly showing in the SOURCE field in the Generic Log reports

User Guides

Offline version of the User Guide related to this release


Installation & Side-by-side Migration Guide for Snare Central


User Guide to the Snare Agent Management Console (AMC) in Snare Central