Release Notes for Snare Windows Agent v5.0.1
Snare Windows Agent v5.0.1 was released on 3rd February 2017.
Enhancements
- Updated the CEF format to parse messages for ArcSight and other platforms using the CEF format. Only basic message fields are used at this time, but these allow for message truncation and for sorting by message class, source and destination.
- Key IDs on the Agent /license pages are now styled to show alpha characters in black and numeric characters in a red tone. This makes them easier to read for those who have problems seeing the different shades of grey.
- Licenses may now list a KeyID of 0 (zero).
Security Updates
- Maintenance update for OpenSSL, patching to OpenSSL-1.0.2j.
Bug Fixes
- Fix an issue where USB Device arrival and removal events were not correctly being picked up and sent.
- The Statistics page will no longer reset when the agent syncs with the SAM without any settings change. It will correctly display 24 hours' worth of data in the graph.
- The AccessKeySet registry setting will no longer contain a valid hash if not set during the install.
- Fixed the handling of the conversion of logging levels in Group Policy when upgrading from v4 to v5.
- Fixed an issue where, if a Snare agent and SAM were running on the same machine, the Snare agent could be licensed even without the SAM details being configured. The SAM details should now be included in the Snare agent for it to be licensed from SAM.
- Updated host validation for Restrict IP when a comma-separated list of hosts is used.
- Fix a bug where the SAM and Certificate Section of an inf file were not imported correctly by the installer.
- Corrected errors related to uninstalling the agent, which in some cases could leave a service running.
- Fixed an issue in the Snare Agent that caused some settings to be incorrectly marked as GPO, so that the local registry values were ignored. The issue specifically affected settings carried over from v4 versions when upgrading to v5. Snare now correctly handles the GPO source and the upgrade of settings from v4 versions when upgrading to v5.
- Fixed an issue in the way the agent handles registry keys that are missing because of a corrupt configuration or because a user manually removed them. Previously, if the agent could not open a registry key it simply ignored it, causing Snare to get an error. Now, if Snare cannot open a registry key, it creates the key with default values so that registry values can be written to the newly created key. Snare logs an error if it cannot create the registry key because of a permission problem.