Release Notes for Snare Windows Agent with Event Collection v5.7.0

Snare Windows Agent with Event Collection v5.7.0 was released on 27th January 2023.

Security Updates

  • 3rd party libraries upgraded: 
    • OpenSSL upgraded to version 3.0.7
    • Boost upgraded to version 1.79.0
  • Windows certificate handling was updated to use a more secure method of handling certificate keys
  • The Event Checksum, appended to events when enabled, was changed from an MD5 hash to a SHA3-512 hash

Customers who have the event checksum enabled may need to adjust their event integrity validation tools to use SHA3-512 instead of MD5.
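A validation tool that has to cope with a fleet in mid-upgrade can select the algorithm from the digest length and flag records that still carry the old MD5 checksum. The following is an added example, not Snare code: the record layout (checksum as the last tab-delimited field, computed over everything before it) and the names `split_event`, `verify_event` and `sample` are assumptions to adapt to your agent's actual output.

```python
import hashlib
import hmac

# Hex digest length -> algorithm: 32 chars is MD5 (checksum before v5.7.0),
# 128 chars is SHA3-512 (v5.7.0 and later).
ALGORITHMS = {32: "md5", 128: "sha3_512"}
HEX_DIGITS = set("0123456789abcdefABCDEF")

def split_event(line, sep="\t"):
    """ASSUMED layout: checksum is the last sep-delimited field and covers
    every byte before that final separator. Adjust to your agent's output."""
    payload, found, checksum = line.rstrip("\r\n").rpartition(sep)
    if not found:
        raise ValueError("no checksum field")
    return payload, checksum

def verify_event(line, allow_md5=False):
    """Return 'ok', 'mismatch', 'legacy-md5' or 'malformed' for one record."""
    try:
        payload, checksum = split_event(line)
    except ValueError:
        return "malformed"
    algo = ALGORITHMS.get(len(checksum))
    if algo is None or not set(checksum) <= HEX_DIGITS:
        return "malformed"
    if algo == "md5" and not allow_md5:
        return "legacy-md5"  # agent not yet upgraded, or a downgraded record
    expected = hashlib.new(algo, payload.encode("utf-8")).hexdigest()
    ok = hmac.compare_digest(expected, checksum.lower())
    return "ok" if ok else "mismatch"

def sample(payload, algo):
    """Build a constructed record in the assumed layout."""
    return payload + "\t" + hashlib.new(algo, payload.encode("utf-8")).hexdigest()

# Constructed sample records, not real agent output.
SAMPLES = [
    sample("host1\tconstructed-event\t4625\tlogon failure", "sha3_512"),
    sample("host2\tconstructed-event\t4625\tlogon failure", "md5"),
    # Payload edited after the checksum was computed (count=1: payload only).
    sample("host3\tconstructed-event\t4625\tlogon failure", "sha3_512")
        .replace("4625", "4624", 1),
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(verify_event(record), record[:40])
```

Once every agent is on v5.7.0 or later, leave `allow_md5` at its default so that any record arriving with a 32-character checksum is reported rather than accepted.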

New Features and Enhancements

  • Windows Advanced Auditing can now be enabled and configured via a Snare Agent.
    Advanced Audit Policy provides more granular control over Windows auditing so you can capture what’s important and eliminate noise. 
    Snare Agent provides a set of out-of-the-box Advanced Audit Policies for collecting useful events.
    Snare Agent makes it easy to switch between Basic and Advanced Windows Auditing, and provides a friendly web interface for configuring Advanced Audit Policies, with an option to apply additional event filters by user and text.

    Licensed Feature

    Requires license feature Snare WEC Advanced Auditing.

    See Audit Policies Configuration User Guide for more details. 

  • Snare agent now supports Windows 11

  • Self-signed certificates generated by Snare Agent on demand will now be named "Snare Agent"
  • More detailed debug logging for when the Snare Service receives a signal from the OS

Bug Fixes

  • OS Version is now displayed correctly for Windows 11 on the Agent status page
  • Fixed a Unicode logging fault
  • Fixed an issue where silent installation with an INF file that did not contain audit policies mistakenly injected default audit policies
  • Corrected the path validation error message in the Registry Integrity Monitoring (RIM) Configuration screen