Release Notes for Snare Windows Agent with Event Collection v5.8.1
Snare Windows Agent with Event Collection v5.8.1 was released on 19th June 2024.
Since v5.8.0, upgrading Snare Agent from versions earlier than 5.4.0 is not supported for Agents that had a password enabled.
Customers who need to upgrade the Agent from a pre-5.4.0 version are advised to perform a two-step upgrade:
Step 1 - Upgrade from the pre-5.4.0 version to v5.7.0 or 5.7.1
Step 2 - Upgrade from v5.7.* to the latest version
Security Updates
3rd party libraries upgraded:
OpenSSL upgraded to version 3.1.5
New Features and Enhancements
Allow the Agent service to start up and display the Web UI with the relevant error message when the Agent is running with permissions insufficient for audit log collection
Removed registry values that are no longer in use from the Remote registry key
Preventative code maintenance
Bug Fixes
Fixed handling of remotely-configured SNARE V2 and JSON formats. These formats are now properly applied to outgoing events after a configuration update is obtained from SAM
Fixed a scenario where log audit, FIM and RIM policies could not be completely removed via remote configuration managed by SAM
Fixed a crash that could occur when sending a Microsoft Windows CAPI2 event in Snare v2 or JSON formats
Fixed handling of duplicated data fields in Windows events sent in Snare v2 or JSON formats
Fixed an issue where invalid event data could result in the Agent being stuck attempting to process such an event
Improved validation of 'Event ID Match' input in Audit Policy
Removed a misleading, erroneous Error logged after reading the last Advanced Audit policy
Fixed license file names listed on the 'Select a License' page of the installer. If the file name contained parentheses, only the text in parentheses was displayed
Fixed spelling mistakes in labels on the Advanced Audit and FAM policy configuration pages