Release Notes for Snare Central v8.7.1
Snare Central v8.7.1 was released on 17th November 2025.
Snare Central incorporates Reflector v3.3.1, Snare Agent Manager (SAM) v2.1.3, and Snare Enterprise Agent for Linux v5.9.1.
If the threat intelligence component is active, version 6.8.7 of ElasticSearch is activated.
The following licensed components are available:
- Snare Management Center (SMC)
- Snare Management Center Client (SMC)
- Agent Management Console (AMC)
- Snare Advanced Analytics (SAA)
- Cloud Logs Collection:
- Office 365 Logs Collection
- Amazon Web Services Log Collection
- Oracle Cloud Log Collection
After upgrading to Snare Central v8.7.1, please reboot the server to apply kernel changes, as advised by Ubuntu.
Overview
Snare Central version 8.7.1 is a patch release that includes updated system packages, security patches, minor enhancements and bug fixes.
Please refer also to Release Notes for Snare Agent Manager (SAM) v2.1.3 included in this release.
Compatibility Note
Snare Agent Management v2.1.3 included in this version of Snare Central is compatible with the following versions of Snare Agent.
| SAM v2 Feature | Supported Snare Agent Versions |
|---|---|
| Agent Configuration Management | 5.8.0 or newer |
| Agent License Management | 5.5.0 or newer |
| Remote Agent Upgrade | 5.5.0 or newer |
| Agents Discovery using Network Scan | 5.4.0 or newer |
Please upgrade the Snare Agents to the latest version BEFORE upgrading the Snare Central, if you are using these features of SAM.
Features and Enhancements
- Added "Compress Attachments" checkbox in the reports' Schedule dialog, to reduce attachments size when emailing the reports
- SAM and EPS/BPS components on the Executive Dashboard now display friendly error messages if user is not authorized or if the service is down
- Improved cleanup of old FIPS header files and tools during the upgrade
Security
System packages updated to mitigate security vulnerabilities.
After upgrading to Snare Central v8.7.1, please reboot the server to apply kernel changes, as advised by Ubuntu.
- Removed unused
xsltprocpackage which could remain after upgrading from older versions - Removed
SnareInstalldirectory that could remain after upgrade from older versions and cause false-positive security findings
Bug Fixes
- Improved migration of log data from SnareTransition to SnareArchive, to avoid accumulation of older logs in SnareTransition under high load
Fixed resuming of interrupted Replay task for Splunk HEC destination
- Configuration change in Field Remapping Template will now be correctly reflected in Replay run without needing to manually restart the SnareReplay service
- Changed default log level to WARN for SnareReplay service
- Added missing labels and fixed font style on Reflector > Settings > General page
- Added several user friendly error messages for Reflector Destination and General Settings pages
- Fixed updating of Log Type on the Fields Remapping form
- Fixed false positive "Log Type already exists" error shown in Fields Remapping form when log types of two rules are swapped
- Fixed UI issue where selected Remapping Function could become empty after a period of time on the Fields Remapping form
- Executive Dashboard Events per Second graph and SAM Status component will now load properly following an upgrade, without requiring re-login
- Fixed a problem with SAM access relying on Reflector permissions
- Fixed a problem migrating Access Control records for Reflector upon server upgrade
- Fixed Agent Status and Collection Status cron jobs access to SAM as it could fail in version 8.7.0
- Removed deprecated "Timeout" field in Configuration Wizard > Performance and Hardware > Query Settings