Sending logs to Securonix

Snare is an integration partner of Securonix and fully supports sending various types of log data to the Securonix platform.

The following guides detail the required steps to configure and send log data to Securonix for supported log types:


The following table also highlights some of the high-level configurations of the Snare Reflector for sending log data into Securonix:

| Datasource | Format in Reflector | Filter regex (include) | Filter comments | Notes |
|---|---|---|---|---|
| Apache Web Server | Syslog RFC 3164 | `\tApacheLog\t` | | Set "Log Type" in log file policy as "Apache". |
| Microsoft ADFS | Raw | `AD FS/Admin` | | |
| Microsoft Defender | Raw | `Microsoft-Windows-Windows Defender/Operational` | | |
| Microsoft DHCP | Syslog RFC 3164 | `\tDHCPLog\t` | Replace MSSQLSERVER with instance name | Set "Log Type" in log file policy as "DHCP". |
| Microsoft DNS Server | Syslog RFC 3164 | `\tMSDNSServer\t` | | Set "Log Type" in log file policy as "DNS". |
| Microsoft Exchange Parser | Syslog RFC 3164 | `\tExchangeLog\t` | | "Custom" Log type specified in policy. Set as "ExchangeLog". |
| Microsoft IIS Server | Syslog RFC 3164 | `\tIISWebLog\t` | | Set "Log Type" in log file policy as "IIS". |
| Microsoft Windows Powershell | Syslog RFC 3164 | `Microsoft-Windows-PowerShell/Operational` | | |
| Microsoft Windows Snare Application | Raw | | One destination and policy required for Security, Application and System | |
| Microsoft Windows Snare Security | Raw | | See above | |
| Microsoft Windows Snare System | Raw | | See above | |
| Microsoft Windows Sysmon | Raw | `Microsoft-Windows-Sysmon/Operational` | | |
| Microsoft Windows Sysmon | Syslog | `Microsoft-Windows-Sysmon/Operational` | | |
| RADIUS_NPS | Syslog RFC 3164 | `RadiusLog` | | "Custom" Log type specified in policy. Set as "RadiusLog". |
| Windows MSSQL Via Syslog SNARE | Raw | `MSSQL\$MICROSOFT##WID\|MSSQLSERVER` | Replace MSSQLSERVER with instance name | |
| Windows MSSQL Via Syslog SNARE | Syslog RFC 3164 | `MSSQL\$MICROSOFT##WID\|MSSQLSERVER` | Replace MSSQLSERVER with instance name | |
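To check that an include regex from the table selects only the events you intend before you point the Reflector at Securonix, the following added example (not Snare's own code) runs several of the table's patterns over constructed, tab-delimited records. The field layout of the sample records (hostname, log type, counter, event text) and the record contents are assumptions for illustration; the regexes are copied from the table.

```python
import re

# Include filter regexes copied from the table above. The Snare agent emits
# tab-delimited records, so "\tApacheLog\t" anchors the log-type token to a
# whole field; "\$" escapes the literal "$" in MSSQL$MICROSOFT##WID, and "|"
# is alternation between that service name and the MSSQLSERVER instance name.
INCLUDE_FILTERS = {
    "Apache Web Server": r"\tApacheLog\t",
    "Microsoft DHCP": r"\tDHCPLog\t",
    "Microsoft Windows Sysmon": r"Microsoft-Windows-Sysmon/Operational",
    "Windows MSSQL Via Syslog SNARE": r"MSSQL\$MICROSOFT##WID|MSSQLSERVER",
}

# Constructed sample records (not real captures). Assumed layout:
# hostname <tab> log type <tab> counter <tab> event text...
SAMPLE_RECORDS = [
    "web01\tApacheLog\t17\t10.0.0.5 - - [01/Jan/2024:00:00:01 +0000] GET / 200",
    "web01\tMyApacheLogArchive\t18\tnot selected: token is not a whole field",
    "dc01\tMSWinEventLog\t1\tMicrosoft-Windows-Sysmon/Operational\t12\t...",
    "db01\tMSWinEventLog\t2\tMSSQL$MICROSOFT##WID\t17137\tStarting up database",
    "db01\tMSWinEventLog\t3\tMSSQLSERVER\t18456\tLogin failed for user",
    # A named instance is NOT matched until MSSQLSERVER in the regex is
    # replaced with the instance name, as the "Filter comments" column says.
    "db01\tMSWinEventLog\t4\tMSSQL$REPORTING\t18456\tLogin failed for user",
]


def matching_datasources(record: str) -> list[str]:
    """Return the datasources whose include regex matches this record.

    re.search mirrors an include filter: the regex only has to occur
    somewhere in the record, it does not have to match the whole line.
    """
    return [name for name, pattern in INCLUDE_FILTERS.items()
            if re.search(pattern, record)]


def apply_filters(records: list[str]) -> dict[str, list[int]]:
    """Map each datasource to the indexes of the records it would forward."""
    hits: dict[str, list[int]] = {name: [] for name in INCLUDE_FILTERS}
    for i, rec in enumerate(records):
        for name in matching_datasources(rec):
            hits[name].append(i)
    return hits


if __name__ == "__main__":
    for name, idx in apply_filters(SAMPLE_RECORDS).items():
        print(f"{name}: forwards records {idx}")
```

Records 1 and 5 are forwarded by nothing: the first because the log-type token is only a substring of a field, the second because the named instance does not appear in the regex.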
