Release Notes for Snare Central v8.4.2

Snare Central v8.4.2 was released on 14th December 2021.

Snare Central incorporates the Agent Management Console (AMC), Reflector v3.0.2, Snare Agent Manager (SAM) v1.5.2, and Snare Enterprise Agent for Linux v5.5.1.

If the threat intelligence component is active, version 6.8.7 of Elasticsearch is activated.

Overview

Snare Central version 8.4.2 is a patch release that includes updated system packages, security patches, minor enhancements and bug fixes.

Features and Enhancements

  • Automatic low inode detection and resolution for several SnareStore-managed partitions
  • Improved support data collection and its performance
  • Old kernels that are no longer in active use will be removed from the system after the Snare Central upgrade

Bug Fixes

  • Improved loading time of Log Types filter on the Events Search page for large volumes of log data
  • Checkpoint logs' firewall source hostname can now be retrieved from the originsicname CN if supplied
  • Syslog events that utilize a 6-digit microsecond value are handled better when non-RFC5424 compliant syslog data is sent to Snare Central
  • Fixed an installation-time bug that prevented the swap space from being allocated correctly
  • Fixed page navigation when there is a colon ":" in the objective name
  • Fixed the Events Search graph to always display events within the requested range and sorted by time
  • Windows events in Snare v2 format that contain arrays of values within fields can now be processed
  • Added reflector support for Exchange 2016 logs
  • Fixed a problem that prevented AMC from working correctly when agent names were not a valid FQDN or IP address
  • Reports that included a real-time alert component can now be scheduled correctly
  • Fixed a memory growth issue that could lead to significant memory usage if real-time alerts are enabled
  • Backup and Restore functionality now supports numeric characters in CIFS, User Name, Share and Workgroup fields
  • Improved NAS field sanitization and validation in the NAS forms for Disk Manager and Data Backup and Restore
  • Fixed a problem that prevented restoring backups from ISO images larger than 2GB (max is 4.4GB). This issue was fixed for new installations. This problem will continue to exist in upgraded servers.
  • In situations where a reflector destination was defined as a priority, and the destination was offline for a significant period of time, the reflector disk cache could fill the SnareReflector filesystem completely.
    This could, in some circumstances, create a corruption in the last segment of the destination cache. Although the service could remove the corrupted cache on restart, it would mean that a small number of cached events would be sacrificed.
    An automated disk space monitor has been introduced within the reflector, to turn off incoming events when the disk cache space is close to being exhausted.
  • Improved the Dashboard's "Event per second" component to only show active destinations
  • Fixed a problem in the MyAccount objective for the Administrator user
  • Fixed an issue preventing changing an expired password from the GUI when STIG is enabled
  • Fixed an issue in the Autoremove Data objective that prevented correct deletion of old data
  • Improved performance of reflector statistics graphs