Silent Install

The silent install option is provided for system administrators wishing to automate the process of installing Snare Enterprise Epilog for Windows.

Command line options

The Snare installer has a number of command line options to support silent, automated installations:

  • /VerySilent – The Wizard will be hidden for the duration of the installation process. Any message boxes will still be displayed.
  • /SuppressMsgBoxes – Any message boxes will be dismissed with the default answer.
  • /Log="filename" – Two log files will be created: filename and filename.Snare.log. The Wizard installation log will be written to filename and a detailed Snare installation log will be written to filename.Snare.log.
  • /LoadInf="INFfile" – The INFfile is a template file produced by another Snare installation. It contains all the necessary information to complete the installation and configure the agent for normal operations. See below for more details on how to produce this file.
  • /Reinstall – Tell the installer to overwrite any existing installation.
  • /Upgrade – Tell the installer to upgrade the existing installation. If no existing installation is detected, the installer will abort. This option will only upgrade the Snare files; all configuration settings will remain untouched and the "LoadInf" file will be ignored.
  • /UseHostIP – Enable the address resolution feature, which uses the host IP address. Value 0 for off, and 1 to allow.
  • /Destination – Set the IP address or hostname to which the event records are sent.
  • /DestPort – Set the destination port, e.g. for Snare or syslog.
  • /Protocol – Set the protocol you would like the agent to use when sending events. Values 0 (UDP), 1 (TCP), 2 (TLS/SSL).
  • /RemoteLocal – Allow remote connections to the agent from localhost only. Value 0 for off, and 1 to allow. Ensure /RemoteAllow and /AccessKey are also set with this option.
  • /RemoteAllow – Enable remote access to the agent. Value 0 for off, and 1 to allow.
  • /Audit – Set whether Snare is to automatically set the system audit configuration. Set this value to 0 for No or 1 for Yes (default).
  • /AccessKey – Set the password for remote access to the agent.
  • /License – Specify the file name of the license, for example /license="20180206-SnareAgent-Evaluation-AZP-CYT.sl". The license file must reside in the same directory. [available from v5.1]

Silent Install Setup Information File (INF)

To silently deploy a completely configured agent, the installer requires the help of a Setup Information File, also known as an INF file. To produce a working INF file, follow these steps:

  1. Install the Snare agent using the Wizard.
  2. Using the web interface, configure the agent's Network and Remote Control settings.
  3. Configure one or more objectives.
  4. Ensure you have administrator rights, open a command prompt and browse to the directory where Snare is installed.
  5. Execute the following commands:
    • To export the information and error messages, along with the INF file contents, to the screen:

        epilog -x

    • To write the INF file contents to a file, where <INFfile> is a file for use with the /LoadInf command line option:

        epilog -x INFfile

Silent Deployment

To install using the silent installer:

  1. Copy the Epilog exe file to your Epilog installation, e.g. c:\program files\epilog.
  2. Ensure you have administrator rights, open a command prompt and browse to the directory where the setup program is stored.
  3. To install Epilog with the options specified in <INFfile> (for example, where the INF file is called mysettings.INF) without displaying any pop-up windows, run:

    Snare-Epilog-Agent-v{Version}-SecureWorks-v{Version}-multiarch.exe /verysilent /suppressmsgboxes /LoadInf="mysettings.inf"

    This option is suitable for packaging and non-interactive installations.

  4. To reinstall Epilog with the options specified in <INFfile> (for example, where the INF file is called mysettings.INF) without displaying any pop-up windows, run:

    Snare-Epilog-Agent-v{Version}-SecureWorks-v{Version}-multiarch.exe /reinstall /verysilent /suppressmsgboxes /LoadInf="mysettings.inf"

    This option is suitable for reinstalling Snare with settings non-interactively.

  5. To install the agent setting the network configuration:

    Snare-Epilog-Agent-v{Version}-SecureWorks-v{Version}-multiarch.exe /usehostip=1 /destination=10.1.1.1 /destport=514 /protocol=0 /reinstall /verysilent /remoteallow=1 /audit=0

  6. To install the agent setting the network configuration and allowing remote local access:

    Snare-Epilog-Agent-v{Version}-SecureWorks-v{Version}-multiarch.exe /usehostip=1 /destination=10.1.1.1 /destport=6161 /protocol=1 /reinstall /verysilent /remoteallow=1 /remotelocal=1 /accesskey=mypassword
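
An added example (not part of the vendor documentation): a PowerShell wrapper that checks the option combinations described above before building the silent-install command line. The function name, parameter names, installer file name and log file name are assumptions; the switches and value ranges are those listed on this page.

```powershell
# Added example, not vendor code. Function and parameter names are assumptions;
# the installer switches and their value ranges are the ones listed on this page.
function Get-EpilogInstallArgs {
    param(
        [string]$Destination,
        [ValidateRange(1, 65535)][int]$DestPort = 514,
        [ValidateSet(0, 1, 2)][int]$Protocol = 0,   # 0 = UDP, 1 = TCP, 2 = TLS/SSL
        [switch]$RemoteAllow,
        [switch]$RemoteLocal,
        [string]$AccessKey,
        [string]$LoadInf,
        [string]$LogFile,
        [switch]$Reinstall,
        [switch]$Upgrade
    )
    # /RemoteLocal is documented as needing /RemoteAllow and /AccessKey as well.
    if ($RemoteLocal -and (-not $RemoteAllow -or -not $AccessKey)) {
        throw '/RemoteLocal=1 requires /RemoteAllow=1 and /AccessKey.'
    }
    # /Upgrade leaves the configuration untouched and ignores the LoadInf file.
    if ($Upgrade -and $LoadInf) {
        throw '/Upgrade ignores /LoadInf; use /Reinstall to apply an INF file.'
    }
    if ($LoadInf -and -not (Test-Path -LiteralPath $LoadInf -PathType Leaf)) {
        throw "INF file not found: $LoadInf"
    }
    $a = @('/verysilent', '/suppressmsgboxes')
    if ($Reinstall)   { $a += '/reinstall' }
    if ($Upgrade)     { $a += '/upgrade' }
    if ($LogFile)     { $a += "/Log=`"$LogFile`"" }
    if ($LoadInf)     { $a += "/LoadInf=`"$LoadInf`"" }
    if ($Destination) { $a += "/destination=$Destination", "/destport=$DestPort", "/protocol=$Protocol" }
    if ($RemoteAllow) { $a += '/remoteallow=1' }
    if ($RemoteLocal) { $a += '/remotelocal=1' }
    # The key travels on the command line, so process-creation auditing that
    # records command lines will capture it.
    if ($AccessKey)   { $a += "/accesskey=$AccessKey" }
    return $a
}

$installer   = '.\Snare-Epilog-Agent-setup.exe'   # placeholder file name
$installArgs = Get-EpilogInstallArgs -Destination '10.1.1.1' -DestPort 6161 -Protocol 1 `
    -RemoteAllow -RemoteLocal -AccessKey 'mypassword' -Reinstall -LogFile 'install.log'
if (Test-Path -LiteralPath $installer) {
    Start-Process -FilePath $installer -ArgumentList $installArgs -Wait
} else {
    Write-Output "Installer not found; would run: $installer $($installArgs -join ' ')"
}
```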