Release Notes for Snare Central v8.5.4

Snare Central v8.5.4 was released on 18th July 2023.

Snare Central incorporates Reflector v3.1.4, Snare Agent Manager (SAM) v1.7.2, and Snare Enterprise Agent for Linux v5.7.1.

If the threat intelligence component is active, version 6.8.7 of ElasticSearch is activated.

The following licensed components are available:

After upgrading to Snare Central v8.5.4, please reboot your computer to apply kernel changes, as advised by Ubuntu:
https://ubuntu.com/security/notices/USN-5920-1

Overview

Snare Central version 8.5.4 is a patch release that includes updated system packages, security patches, and minor enhancements.

OpenJDK package is removed unless SATI functionality is in use.
System packages updated to mitigate security vulnerabilities.

After upgrading to Snare Central v8.5.4, please reboot your computer to apply kernel changes, as advised by Ubuntu:
https://ubuntu.com/security/notices/USN-5920-1

Speed optimisations for the collection/reflection subsystem
Increased the processing speed of firewall and web/network-related logs by introducing geolocation caching
Increased the size of regular expression filed in the Autoremove objective from 40 to 255 characters
Added packages for GlusterFS clustering, disabled by default. This is to allow building high-throughput Snare Central clusters to collect extra-high volumes of log data. The setting up of this currently requires professional services and is not enabled via the configuration wizard.

For users of Office 365 log collection capabilities, the configuration may be overwritten on upgrade. If you wish to retain your current settings, please make a backup copy of the /data/Snare/ConfigSettings/Office365Config.json file in a location of your choosing, and restore it after the upgrade is completed.

Offline version of the User Guide related to this release

Installation & Side-by-side Migration Guide for Snare Central

User Guide to the Snare Agent Management Console (AMC) in Snare Central