Release Notes for Snare Windows Agent v5.0.2

Snare Windows Agent v5.0.2 was released on 18th May 2017.

Enhancements

  • Validation of the SAM IP field under 'Access Configuration' was changed. Previously, hostname validation was limited to accepting numeric values; it now accepts fully qualified domain names. As a result, fields that depend on IP/hostname validation accept a wider range of inputs, including FQDNs in addition to IPs.
  • References to Evaluation Licenses were changed to Temporary Licenses.
  • Added text on the License page in the UI to aid users using SAM or standalone licensing.

Security Updates

  • The SHA version used for the certificate in Windows and Unix agents has been modified. SHA2 support enables a higher level of security for newer versions of Windows and Linux agents.
  • The agent's web UI functionality has been modified to avoid a potential cross-site scripting attack.

Bug Fixes

  • Notifications and warnings on Snare agents have been changed to allow the syslog_5424 format on port 514. As a result of this change, notifications and warnings will no longer appear for valid syslog formats when using port 514.
  • Fix for Snare generated events whereby host name or IP address was set to "unknown" in the message body.
  • Fixed a potential memory corruption of event data being sent via TCP, TLS or UDP when under very heavy loads.
  • Updated the agent to output events in UTF-8 format. Some languages, such as French, have additional character sets as part of the locale which were not formatted correctly in UTF-8 in the syslog message sent to third-party SIEM servers. This update corrects the output of the syslog message so that the characters are correctly translated to UTF-8. The browser interface to the agent converts the characters based on the regional settings of the client system, so it is unaffected by this update.
  • In the previous release of the Snare agent, objectives were not handled properly during upgrade to the latest release, so objectives may not have been available after upgrade. This is fixed in this release: Snare now handles the objectives properly during upgrade and all objectives are available afterwards.
  • Fixed a bug where the checksum was not applied correctly when checksums for events were enabled. Checksum may only be enabled in the registry and appends a checksum of the event. Note that checksums are applied for Snare and Syslog formats only if configured.
  • Snare agent warning and notification messages have been changed to issue a warning when a non-TAB delimiter is selected for the SNARE format (Snare Server destination). As a result of this change, new warnings will be issued when a non-TAB delimiter is selected for the SNARE format (for a Snare Server destination).
  • Resolves a bug which resulted in Windows Agent Objectives not being saved with the “Identify the event logs” as requested by the user.