Release Notes for Snare Windows Agent v5.8.1

Snare Windows Agent v5.8.1 was released on 19th June 2024.

Since v5.8.0, upgrading Snare Agent from versions earlier than 5.4.0 for Agents that had password enabled is not supported.

Customers who need to upgrade the Agent from pre-5.4.0 version, are advised to perform a two-step upgrade:

  • Step 1 - Upgrade from pre-5.4.0 version to v5.7.0 or 5.7.1
  • Step 2 - Upgrade from v5.7.* to the latest version

Security Updates

  • 3rd party libraries upgraded: 
    • OpenSSL upgraded to version 3.1.5

New Features and Enhancements

  • Allow Agent service to start up and display Web UI with the relevant error message when the Agent is running with permissions insufficient for audit logs collection
  • Removed registry values that are no longer in use from the 'Remote' registry key
  • Preventative code maintenance

Bug Fixes

  • Fixed handling of remotely-configured SNARE V2 and JSON formats. These formats are now properly applied to outgoing events after configuration update is obtained from SAM
  • Fixed scenario where log audit, FIM and RIM policies could not be completely removed via remote configuration managed by SAM
  • Fixed a crash that could occur when sending a Microsoft windows CAPI2 event in Snare v2 or JSON formats
  • Fixed handling of duplicated data fields in Windows events sent in Snare v2 or JSON formats
  • Fix for issue where invalid event data could result in Agent being stuck attempting to process such event
  • Improved validation of 'Event ID Match' input in Audit Policy
  • Removed misleading erroneous Error logged after reading last Advanced Audit policy
  • Fixed license file names listed on the 'Select a License' page of the installer. If the file name contained parentheses, only the text in parentheses was displayed
  • Fixed spelling mistakes in labels on the Advanced Audit and FAM policy configuration pages

User Guide

The following is an offline version of the User Guide related to this release.

For an up-to-date version refer to the online version here.