Sending logs to Securonix

Snare can forward log data to Securonix using their pre-configured parsers. This guide outlines the steps to configure the Snare agent, along with links to the Securonix documentation on how to finalise configuration within Securonix itself.

1. Follow steps outlined here to install the Snare agent. Agent Installation - Snare Windows Agent v5 Documentation - Confluence

2. Once the agent is installed, login the web UI (https://localhost:6161) and select “Destination configuration”.
   
   

   Open

   

3. Under the “Network Destinations” section, enter the domain/IP address, port

Open

4. Follow steps outlined in Securonix documentation to configure required parsers:

Securonix has various parsers for log data generated and sent from Snare, details on this can be found at the below links. Only steps relating to Securonix configuration need to be followed.

• Microsoft Windows Security Logs

• Windows-Syslog-Winevent

• Microsoft Corporation Windows Snare Syslog System

• Microsoft Corporation Windows Snare Syslog Application

• Microsoft Windows MSSQL Via syslog SNARE

• Microsoft Corporation System Monitor Connector