Release Notes for Snare Central v8.5.1

Snare Central v8.5.1 was released on 8th November 2022.

Snare Central incorporates Reflector v3.1.1, Snare Agent Manager (SAM) v1.6.1, and Snare Enterprise Agent for Linux v5.6.1.

If the threat intelligence component is active, version 6.8.7 of ElasticSearch is activated.

The following licensed components are available: 

  • Snare Management Center (SMC)
  • Snare Management Center Client (SMC)
  • Agent Management Console (AMC)
  • Cloud Logs Collection:
    • Office 365 Logs Collection

Overview

Snare Central version 8.5.1 is a patch release that includes updated system packages, security patches, enhancements and bug fixes.

Security

  • System packages updated to mitigate security vulnerabilities.

Features and Enhancements

  • Added support for Check Point Anti-Malware logs sent to Snare Central in CEF format (Log Type: CheckPointAntiMalwareLog)
  • Added support for Check Point Firewall1 Logs sent to Snare Central in LEEF format (Log Type: Firewall1Log)
  • Snare Management Center can now manage a primary Snare Central server in a High Availability (HA) cluster
  • Office 365 Log Collection configuration now supports proxy servers
  • Priority mode has been removed for UDP destinations.
    UDP is a connection-less protocol that cannot be monitored for successful remote delivery, and the availability of priority mode provided a false sense of security for event integrity.

  • For both TCP and UDP destinations, the status of the connection will be evaluated as soon as the service is started, rather than waiting for the first valid event on a per-destination basis. This provides an early feedback mechanism on connectivity for TCP connections, and for UDP connections (particularly those that utilise a data diode), an actionable indication that packets are at least capable of exiting the Reflector's network stack.

  • Events Search: added search term highlighting in Search Results (this feature was temporarily revoked in v8.5.0)
  • Added 'EVENTID' field to the Linux and Linux Snare v2 related template reports
  • LinuxAudit-related reports are updated to a new format
  • The name of the Snare Agent package has changed (see Agent v5.6.1 Release Notes for details)
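The two UDP points above (priority mode removed because UDP delivery cannot be confirmed, and connection status now evaluated at service start) come down to what the local network stack can and cannot tell a sender. The following Python script is an added illustration written for these notes; it is not Snare or Reflector code. It reserves a loopback port with no listener (a constructed condition), then shows that a TCP connect to that port fails immediately, while a UDP sendto() to the same port returns the full byte count even though nothing received it. It also probes the IPv4 UDP payload ceiling of 65507 bytes (65535 minus the IPv4 and UDP headers) that the 64-kilobyte bug fix below refers to; the exact limit assumes Linux IPv4 loopback.

```python
import errno
import socket

MAX_UDP_PAYLOAD_IPV4 = 65507  # 65535 - 20 (IPv4 header) - 8 (UDP header)


def free_loopback_port() -> int:
    """Reserve, then release, a loopback port so we know nothing listens on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def tcp_destination_reachable(host: str, port: int, timeout: float = 1.0) -> bool:
    """TCP gives early feedback: the handshake fails if no one listens."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def udp_send_result(host: str, port: int, payload: bytes) -> dict:
    """Send one datagram and report only what the local stack says.

    'bytes_accepted' is the sendto() return value. It proves the datagram left
    the local socket, not that any remote process received it, which is why a
    UDP 'priority' or delivery-confirmation mode cannot be meaningful.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            n = s.sendto(payload, (host, port))
            return {"bytes_accepted": n, "error": None}
        except OSError as e:
            # errno name, e.g. "EMSGSIZE" when the datagram exceeds the IP limit
            return {"bytes_accepted": 0, "error": errno.errorcode.get(e.errno, str(e.errno))}


def demo() -> dict:
    """Run the comparison against a port with no listener (constructed scenario)."""
    port = free_loopback_port()
    # Constructed sample syslog line; not a real Snare event.
    event = b"<13>Nov  8 12:00:00 host SnareTest: constructed sample event\n"
    return {
        "tcp_reachable": tcp_destination_reachable("127.0.0.1", port),
        "udp_small": udp_send_result("127.0.0.1", port, event),
        "udp_max": udp_send_result("127.0.0.1", port, b"x" * MAX_UDP_PAYLOAD_IPV4),
        "udp_too_big": udp_send_result("127.0.0.1", port, b"x" * (MAX_UDP_PAYLOAD_IPV4 + 1)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The practical reading for a Reflector operator: a TCP destination that is down shows up as a failed connect at service start, whereas for a UDP destination (and especially one behind a data diode) the only observable is that the datagram was accepted by the local stack; end-to-end delivery has to be verified at the receiving side, for example by comparing event counts.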

Bug Fixes

  • Prior to this update, events larger than 64 kilobytes might not be transmitted to UDP destinations from the Reflector. After this update, data up to the maximum MTU size for UDP should be sent to the destination.
  • Fixed a problem in Snare Management Center (SMC) that wrongly allowed the same server to be managed from different groups
  • Fixed Office365 Log Collection to ensure logs are not lost if connection times out
  • Fixed mounting remote file systems that could fail if the password contained special characters
  • Fixed an issue where, when setting the user or email address for a schedule, the email address was not shown correctly in the UI
  • Fixed a defect that prevented adding more groups to an existing user

User Guides

Offline version of the User Guide related to this release
Installation & Side-by-side Migration Guide for Snare Central

User Guide to the Snare Agent Management Console (AMC) in Snare Central