How does the Snare Server product protect and maintain the integrity of the audit logs?

Owned by Carlos Osorio
Nov 12, 2020
1 min read


SUMMARY

Jul 06, 2015

The Snare server logs are stored on a server that has restricted access. Users don’t have access to these logs. Access is restricted to the defined admins who have console access. Access via the web UI does not allow any change access to the data on the server. Once the logs are written to disk they never change.

The Snare Server also has a MD5 checksum capability and the hashes can be downloaded to keep offline and burnt to DVD. This process helps to provide assurance that the logs have not been tampered with by an admin.