Release Notes for Snare Central v8.4.5
Snare Central v8.4.5 was released on 12th May 2022.
Snare Central incorporates the Agent Management Console (AMC), Reflector v3.0.4, Snare Agent Manager (SAM) v1.5.2, and Snare Enterprise Agent for Linux v5.5.1.
If the threat intelligence component is active, version 6.8.7 of ElasticSearch is activated.
Overview
Snare Central version 8.4.5 is a patch release that includes updated system packages, security patches, minor enhancements and bug fixes.
Security
- Telnet is removed on full update of Snare Central for enhanced security
- Ubuntu USN-5380-1 Bash vulnerability is patched
- Other Ubuntu package updates and security patches
Features and Enhancements
- A new "Syslog RFC 5424 - no structuredData" destination format is now available in the Snare Reflector.
This format provides compatibility with the Syslog RFC 5424 format implementation in pre-8.4.0 versions of Snare Central, which did not inject 'structuredData' into the syslog payload.
This format WILL enforce the presence of the Syslog RFC 5424 PROCID and MSGID fields as part of the new RFC-compliance checks. These fields could have been absent in data forwarded from previous versions of the Reflector, which did not quality-check incoming data for RFC 5424 compliance.
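An added example (not Snare code, and not part of these release notes): a header check written against the RFC 5424 ABNF that flags messages whose PROCID or MSGID is missing, which is the condition the new compliance checks enforce. The function name and sample lines are constructed for illustration, TIMESTAMP syntax is not validated, and how the Reflector itself performs its check is an open assumption.

```python
import re

# RFC 5424 section 6 header order; every field is mandatory, "-" is the NILVALUE.
FIELDS = ["PRI/VERSION", "TIMESTAMP", "HOSTNAME", "APP-NAME",
          "PROCID", "MSGID", "STRUCTURED-DATA"]
# Maximum lengths of the PRINTUSASCII fields in the RFC 5424 ABNF.
MAX_LEN = {"HOSTNAME": 255, "APP-NAME": 48, "PROCID": 128, "MSGID": 32}
PRI_VERSION = re.compile(r"<(\d{1,3})>([1-9]\d{0,2})")


def check_rfc5424_header(line):
    """Return a list of header problems; an empty list means the header parses."""
    problems = []
    # Split off six space-delimited fields; the remainder starts at
    # STRUCTURED-DATA, which may contain spaces inside quoted values.
    parts = line.split(" ", 6)
    if len(parts) < 7:
        problems.append("header truncated, missing: " + ", ".join(FIELDS[len(parts):]))
    m = PRI_VERSION.fullmatch(parts[0])
    if not m or int(m.group(1)) > 191:
        problems.append("PRI/VERSION malformed")
    for name, value in zip(FIELDS[2:6], parts[2:6]):
        if not re.fullmatch(r"[\x21-\x7e]{1,%d}" % MAX_LEN[name], value):
            problems.append(name + " empty or not PRINTUSASCII")
    if len(parts) == 7:
        sd = parts[6]
        # After MSGID the RFC allows only "-" or an SD-ELEMENT opening with "[".
        if not (sd == "-" or sd.startswith("- ") or sd.startswith("[")):
            problems.append("STRUCTURED-DATA must be '-' or start with '[' "
                            "(PROCID/MSGID may be absent, shifting MSG into the header)")
    return problems


# Constructed sample lines, not captured from any Snare deployment.
SAMPLES = {
    "full": "<13>1 2022-05-12T09:30:00Z host1 sshd 4242 ID47 - Failed password for root",
    "nil_ids": "<13>1 2022-05-12T09:30:00Z host1 sshd - - - Failed password for root",
    "no_ids": "<13>1 2022-05-12T09:30:00Z host1 sshd - Failed password for root",
    "short": "<13>1 2022-05-12T09:30:00Z host1 sshd",
}

if __name__ == "__main__":
    for label, line in SAMPLES.items():
        print(label, "->", check_rfc5424_header(line) or "OK")
```

Running a check like this over a sample of data from older forwarders before switching destination formats shows which sources omit PROCID or MSGID, including lines where the message text has shifted into those positions.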
Bug Fixes
- Fixed the issue where Snare Central health checker could erroneously report that a destination is "Disconnected" in situations of very low event volume (less than 1 event every 60 seconds). The connection remained established; the status was incorrect.