Security Certificates
This page lets you generate or select the certificate to use with the web UI, and manage the certificate verification level applied when communicating with SAM and with network destinations, securing the events you send to the destination SIEM.
Certificates and their associated private keys are obtained from the Microsoft Certificate Store on the local computer. They are retrieved from the Personal certificate folder and can be viewed using the Certificates snap-in in Microsoft Management Console. The friendly name of certificates created is Intersect Alliance Certificate.
Web UI HTTPS Certificate. Select the certificate to be used for HTTPS web user interface interactions. Snare shows only those certificates for which a private key is also found and is marked as exportable. The key can be marked as exportable while importing the certificate into the Windows Certificate Store, as shown in the following screenshot.
Generate a new Self Signed Certificate. Generates a certificate that is appended to the list of available certificates. A self-signed certificate may be generated if your site does not have a certificate.
Network Destination Certificate Verification. The ability to verify the chain of trust when connecting to a remote destination server. Select the level of certificate verification:
- Accept Any - Require an SSL/TLS certificate to be presented, but accept the certificate even if the chain of trust cannot be authenticated, or the hostname does not match the presented certificate. This is ideal for self-signed certificates.
- Strict Checking - Require an SSL/TLS certificate to be presented, and have both a valid chain of trust and also a hostname matching the certificate. A hostname must be provided in the associated input field, as an IP address will not work.
Snare Agent Manager Certificate Verification. The ability to verify the chain of trust when connecting to a remote Snare Agent Management server. Select the level of certificate verification:
- Accept Any - Require an SSL/TLS certificate to be presented, but accept the certificate even if the chain of trust cannot be authenticated, or the hostname does not match the presented certificate. This is ideal for self-signed certificates.
- Strict Checking - Require an SSL/TLS certificate to be presented, and have both a valid chain of trust and also a hostname matching the certificate. A hostname must be provided in the associated input field, as an IP address will not work.
Certificate verification is not supported for UDP or TCP. There will be no validation on these protocols.
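The difference between the two verification levels, as an added Python example (not Snare's own code): it builds a TLS client context for each level and probes a destination, so you can confirm that a server passes Strict Checking before moving off Accept Any. The level names come from this page; the function names, the host siem.example.internal and port 6514 are constructed for illustration, and the example assumes Strict Checking corresponds to standard chain and hostname validation against the system trust store.

```python
import ipaddress
import socket
import ssl

def context_for(level):
    """Build a client TLS context for one of the two levels named on this page."""
    if level == "Strict Checking":
        # Defaults: CERT_REQUIRED, hostname matching on, system trust store loaded.
        return ssl.create_default_context()
    if level == "Accept Any":
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE  # chain of trust is not checked
        return ctx
    raise ValueError(f"unknown verification level: {level!r}")

def strict_host_problem(host):
    """Return why `host` cannot be used with Strict Checking, or None if it can."""
    host = host.strip()
    if not host:
        return "a hostname is required"
    try:
        ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None  # not an IP literal, so it is treated as a hostname
    return "IP address given; Strict Checking needs the hostname in the certificate"

def probe(host, port, level, timeout=5.0):
    """Attempt a TLS handshake at `level`; return (ok, detail)."""
    if level == "Strict Checking":
        problem = strict_host_problem(host)
        if problem:
            return False, problem
    ctx = context_for(level)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate rejected: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"

if __name__ == "__main__":
    # Constructed destination; replace with your own SIEM or SAM host and TLS port.
    for level in ("Accept Any", "Strict Checking"):
        print(level, probe("siem.example.internal", 6514, level))
```

A destination that succeeds under Accept Any but reports "certificate rejected" under Strict Checking has an untrusted chain or a hostname mismatch, which is the condition Accept Any silently tolerates.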
To save the changes to the above settings, and to ensure the audit daemon has received the new configuration, perform the following:
- Click on Submit to save the changes (or click Reset to set the page back to a saved state).
- Click on the Apply Configuration & Restart Service menu item.