Snare Central QuickStart

Summary

This QuickStart Package is designed to assist customers in setting up Snare Central and to provide expert advice on how to fully utilize its functionality and apply it in business operations. This package also provides direction on Snare Central installation and configuration to enable data collection, agent administration and reporting.

Pre-requisites

The following list of requirements must be met by the customer before work can begin:

  • Supply of physical/virtual machine with suffient resources as per our sizing documentation. Minimum Requirements - Snare Central v8 Documentation - Confluence (atlassian.net)

  • Supply of the following information:

    • IP address (3 required for HA), subnet mask, gateway address and DNS address

    • Resolvable FQDN & hostname for system

    • SMTP account and IP/DNS address (required for HA)

    • NTP server IP/DNS address (required for HA)

Central QuickStart Package

The following items are included in the QuickStart package:

  • Resource provisioning guidelines for Snare Central installation (hardware or virtual machine)

  • Snare Central installation (hardware or virtual machine) with configuration assistance on the following:

    • Language selection.

    • Location selection.

    • Keyboard layout.

    • IP Address configuration.

    • Gateway configuration.

    • DNS Server configuration.

    • Configuration of a fully qualified domain name.

    • Time zone configuration.

    • Password setup (root, snare, snarexfer and administrator accounts).

  • Generation and installation of the Snare Central license file.

  • Assistance with basic setup of Configuration Wizard within Snare Central WebUI:

    • NTP configuration.

    • Network services (FQDN, SSH, FTP and Samba file access).

    • Security setup.

    • LDAP setup.

    • Firewall setup.

    • Email setup.

    • SNMP setup.

    • High Availability (requires sufficient licensing).

  • Generation and installation of Feature license bundles for use with the Snare Agent Manager (SAM) integrated with Snare Central.

  • Confirmation of traffic flow from Snare Agents and syslog feeds.

  • Setup of Reflector to forward data where needed (SIEM, MSSP, SOC, another Snare Central).

  • Confirmation of log flow from Reflector to 3rd party systems.

  • Configuration of data management settings. Auto remove policies and Backup & Restore.

  • Demonstration of the Agent Management Console to pull a master configuration from a “golden image agent and push out to other agents.

  • Demonstration of usage and generation of the out-of-box reports, scheduling and alerts.

  • Demonstration of usage of dynamic search.

  • Review of Health Checker and configuration of alerts.

Â