Terms and Acronyms
Terms & Acronyms | Explanation |
---|---|
Categories | Navigation tools used to access particular objectives on the server. |
Discriminators | Used to formulate an objective. Although there are many discriminators available, each objective contains its own set of discriminators. |
Event records | An event record contains information on when, what and where an activity has occurred on the host. |
Objectives | An objective is a generic name for an interactive report, which performs a specific task or implements a set of analysis rules that are intended to derive useful information from event log data that is collected by Snare Central. |
Snare | The acronym for the System iNtrusion Analysis and Reporting Environment. |
Snare Agent | A small program installed on clients (servers, desktops, etc.) that gathers events from system logs and sends them to Snare Central. |
Snare Agent Management Console | Component within Snare Central that provides basic remote configuration management of the Snare Agents within Snare Central. |
Snare Events | An event in Snare can be described as an occurrence on any specific system or group of systems that, from an administrator's point of view, is important to note in the day-to-day running and security of the system. |
Snare Central | Snare Central is used to administer and monitor Snare objectives. It provides a simple web interface to all of the objectives and allows custom configuration of Snare's monitoring capabilities. Previously referred to as Snare Server. |
Snare System | This refers to both Snare Central and Snare events. |
Reflector | A component of the Snare Central collection service that re-sends all events that arrive at the target Snare Central server to another collection server. Events can potentially be both filtered (e.g. only forward login-related events) and modified on the fly (e.g. change Snare format events to syslog format). |