Release Notes for Snare Central v8.3.0
Snare Central v8.3.0 was released on 10th November 2020.
Snare Central incorporates the Agent Management Console (AMC), Reflector v2.4.0, Snare Agent Manager (SAM) v1.4.0, and the Snare Enterprise Agent for Linux v5.4.0.
If the threat intelligence component is active, version 6.8.7 of ElasticSearch is installed.
Overview
Snare Central version 8.3.0 introduces a new Events Search capability, as well as a number of enhancements and bug fixes. This is the third step in our journey toward renewing the User Interface and enriching the user experience for Snare Central users.
User Interface Updates
Events Search
The new Events Search interface provides the capability to search events collected and stored in Snare Central, for fast troubleshooting and forensic analysis.
Both basic and advanced search options are available. The user can save a query for future re-use, view search history, and view results of recent queries. An intuitive graphical interface allows search results to be filtered by Log Type and System.
For a detailed description of the new Events Search functionality please refer to the Events Search page in the Snare Central User Guide.
[Screenshot comparison: v8.2.0 vs v8.3.0]
Dynamic Search
This page has been removed and replaced with the new Events Search interface.
Reports
- Report icons now have a color-coded report criticality indicator
- A new filter was added to allow reports to be filtered by criticality
[Screenshot comparison: v8.2.0 vs v8.3.0]
Header
Added local time and server time in the Header section. If local and server time are the same, only one time is displayed.
[Screenshot comparison: v8.2.0 vs v8.3.0]
Security
- All hashing functions updated as per FIPS requirements
- Apache web server has been restricted to TLS v1.2 and TLS v1.3 with strong ciphers in this release
- Removed the existing "Strong ciphers only (TLSv1.2 and above)" setting from the Configuration Wizard, Security section, as this is now the default behavior and the setting is redundant
Features and Enhancements
- Dashboard: improved performance of loading the heatmap quadrant data
- Agent Management Console (AMC) enhancements:
  - Added a new Desktop and Server filter for Windows agents
  - Added support for v5.4.0 Snare Agents that use the new FIPS-compliant authentication
  - Enhancements to the side-by-side migration process to include Snare Agents → Remote Management objectives as part of the data transfer
- Receiving SNMP v3 traps is now supported. It can be configured via Configuration Wizard -> SNMP Setup. Snare Central can receive SNMP trap data and make it available for analysis within Snare Central as the SNMPLog event type
- Added a new TLS listener port 6514 for Syslog collection
- In this release a new System → Administrative Tools → File Integrity Check Administration objective replaces the old Status → Retrieve Integrity Check of the Data Store. This new tool allows the user to schedule, monitor and administer system file integrity databases and report on any changes to such files. See Administrative Tools -> File Integrity Check Administration for details
- Support for Network Storage (CIFS or NFS) for backup has been added to the System → Data Backup objective. See System Menu -> Data Backup -> Network Storage for details
- Added 20 new Reports available out-of-the-box:
  - Reports/Operating Systems/Windows Incidents/Windows DNS/
    - CISA DNS Log changes
    - CISA DNS Config changes
  - Reports/Operating Systems/File and Resource Access/File Integrity/
    - Snare FIM Registry Activity
    - Snare FIM FILE activity
  - Reports/Snare Central/
    - Agent Heartbeats
  - Reports/Operating Systems/Login Activity/MacOS/
    - User Login Activity
    - Login Failures
    - Failed Super User Access
    - Super User Access
    - Sudo Usage
    - Failed Sudo Access
  - Reports/Operating Systems/Process Monitoring/MacOS/
    - Sensitive Applications
  - Reports/Operating Systems/File and Resource Access/MacOS/
    - File Access
  - Reports/Operating Systems/vCenter/
    - vCenter Log Summary report
    - vCenter Updatemgr Logs
    - vCenter vmon Logs
    - vCenter vpxd Logs
    - vCenter vmcad Logs
    - vCenter vmdird Logs
    - vCenter applmgmt-audit Logs
- Enhanced Snare Agent configuration to be CIS compliant
- Updated Configuration Wizard STIG section with CIS settings and warnings, linked to CIS Compliance page
- Replaced the label "PIXLog" with "ASALog (PIXLog)" for Cisco ASA firewall events, to make it more intuitive for users. This label was updated in the dashboard and search results pie charts and in the Events Search Log Type selector
- Added support for the underscore character in host names. In previous versions, report actions such as "Port and Vulnerability Scan" were affected if the customer had machines with host names not compliant with RFC 952
- Added network debug information per destination to Support Data to help with troubleshooting connectivity issues
Bug Fixes
- Fixed handling of SNMPTrap and MailLog events that were stored in Snare Central as GenericLog type
- Resolved a problem with the source file name not being detected on GenericLog events generated by Snare Epilog
- Fixed vCenter events handling for newer vCenter versions
- Resolved a vsftpd server configuration issue that prevented FTP transfers from working correctly
- Improvements to the Disk Manager to increase its resiliency when faced with filesystem corruption
- Fixed a problem with PAM configuration that prevented changing passwords for Linux users correctly
- Fixed an issue where Snare Central LDAP authentication was disabled after clicking on test button
- Resolved an issue where a user is unable to upload CA certificates via the Configuration Wizard → Security Setup
- Made the order of the destinations on the Snare Health Checker page consistent with the order of the destinations on the Reflector Configuration page
- In this version audit is disabled at boot time and can be enabled when STIG is enabled
- Fixed an issue where clicking on the Heatmap in some Windows Reports shows "No records found"
- Fixed Dashboard heatmap date anomalies. The heatmap now shows UTC date and time, with data presented according to the server time zone
- Reports exported in CSV format will now only strip HTML 4 tags and won't escape any custom tag, as it may be useful data for the customer. HTML special characters will still be encoded
- Fixed an LDAP validation problem that prevented the user from logging in when using Distinguished Names
- Fixed backup using an external USB drive
- Fixed Tab navigation inside a Reports directory and for Reports filter
- Fixed downloading CSV and PDF attachments for the Snare Agents → Remote Management custom (cloned) objectives
- Fixed an issue where uploading antivirus databases crashed the Chrome browser. Added a progress bar and message for better visibility of the background file upload process
- Fixed issue in side by side migration when there are very large amounts of data in the origin server
- After side by side migration the "Snare Central Update" information will now include Update History from local server only (not including history from the origin server)
- Fixed the format for UTC offset on Snare Health Checker page
- Various minor bug fixes
User Guides
Offline version of the User Guide related to this release
Installation & Side-by-side Migration Guide for Snare Central
User Guide to the Snare Agent Management Console (AMC) in Snare Central