Release Notes for Snare Agent Manager v2.0.0

Snare Agent Manager v2.0.0 was released on 5th December 2023.

Snare Agent Manager v2.0.0 will be released with Snare Central v8.6.0. Customers that need to use the new SAM v2.0.0 features within Snare Central will need to wait for this Snare Central release. 

Compatibility Note
Snare Agent Manager v2.0.0 is compatible with the following Snare Agent versions: 

SAM Feature                            Supported Snare Agent Versions
-------------------------------------  ------------------------------
Agent Configuration Management (New)   5.8.0 or newer
Agent License Management               5.5.0 or newer
Remote Agent Upgrade                   5.5.0 or newer
Agents Discovery using Network Scan    5.4.0 or newer

Important Recommendation


It is recommended to discover and upgrade older Snare Agents to the latest version prior to upgrading SAM to version 2.0.0 or newer.

Note: upgrading Snare Agent from versions earlier than 5.4.0 may require a 2-step upgrade. Please refer to the Snare Agent v5.8.0 Release Notes. 

Security Updates

  • Added configurable maximum failed logins limit. If this limit is exceeded, the user will be locked out for a period of time. The maximum number of failed consecutive login attempts and the lock timeout are configurable via General Settings.
  • 3rd party libraries upgraded: 
    • OpenSSL upgraded to version 3.1.1
    • Boost upgraded to version 1.81.0
  • Moved to a stronger encryption method for storing the SMTP password
  • Fully removed the dependency on MD5 hashing, which is deprecated and not secure:
    • Replaced usage of MD5 with a stronger hashing algorithm in License Manager
    • Removed support for MD5-based authentication in Agent Scanner. Only 5.4+ agents are now supported

      SAM v2.0.0 will not be able to discover pre-v5.4.0 agents during the Network Scan.
      It is recommended to discover and upgrade older Snare Agents to the latest version prior to upgrading to SAM v2.0.0.

    • Removed MD5-based Agent-to-SAM authentication. After this change SAM will accept connections only from Agents v5.5.0 and newer. 

      Snare Agents older than v5.5.0 will not be managed by SAM starting from this version. SAM will not accept connections from older agents, as old authentication methods were fully deprecated for security reasons.
      Customers who have older agents in their fleet are advised to upgrade the Agents to v5.5.0 or newer prior to upgrading SAM to this version.

    • Removed usage of MD5 hashes for legacy front end resource caching
    • Removed MD5 from the About page
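
A pre-upgrade fleet check built from the version thresholds in the compatibility table and the MD5 removal notes above. This is an added example, not Snare code; the function names and the sample inventory are constructed for illustration.

```python
# Added example: classify agents against the SAM v2.0.0 thresholds stated in
# these release notes. The host inventory at the bottom is constructed data.
import re

# Minimum agent version per SAM feature, copied from the compatibility table.
FEATURE_MIN = {
    "Agents Discovery using Network Scan": (5, 4, 0),
    "Agent License Management": (5, 5, 0),
    "Remote Agent Upgrade": (5, 5, 0),
    "Agent Configuration Management": (5, 8, 0),
}
SAM_CONNECT_MIN = (5, 5, 0)  # SAM v2.0.0 rejects connections from older agents
TWO_STEP_BELOW = (5, 4, 0)   # upgrades from earlier versions may need two steps


def parse_version(text):
    """Parse 'v5.4.1', '5.8' or '5.3.0-beta' into a 3-part integer tuple."""
    m = re.match(r"\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised agent version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def assess(version_text):
    """Return what SAM v2.0.0 can do with an agent of this version."""
    v = parse_version(version_text)  # tuples compare numerically: 5.10 > 5.8
    return {
        "managed": v >= SAM_CONNECT_MIN,
        "features": [f for f, low in FEATURE_MIN.items() if v >= low],
        "two_step_upgrade_possible": v < TWO_STEP_BELOW,
    }


def upgrade_first(inventory):
    """Hosts SAM v2.0.0 would stop managing; upgrade these beforehand."""
    return sorted(h for h, ver in inventory.items()
                  if not assess(ver)["managed"])


if __name__ == "__main__":
    fleet = {"dc01": "5.3.2", "web02": "v5.4.0", "db03": "5.5.1", "app04": "5.8.0"}
    for host, ver in fleet.items():
        print(host, ver, assess(ver))
    print("upgrade before SAM v2.0.0:", upgrade_first(fleet))
```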

New Features and Enhancements

  • Snare Agent Manager (SAM) v2.0.0 introduces the new ability to manage Snare Agents' configuration.
    Snare Agents (v5.8.0 or newer) will be able to pull the relevant configuration from SAM and check periodically for configuration updates.

    This functionality is licensed, and requires a license with the Agent Management Console (IA_SAM_CONFIG) feature. Customers who have an existing AMC license will be able to transition to use this new capability.


    SAM now offers a new Agents Management > Agents Policies interface that allows you to:

    • Create Managed Groups of Agents using a variety of filters, such as Agent type, version range, IP filters, Hostname regular expression
    • Automatically assign an Agent to a group, based on group filters
    • Assign a master configuration to a group, loaded from an Agent or from a file
    • Edit selected fields in the master configuration
    • Configure the frequency with which Agents in a group connect to SAM to check for configuration updates
    • Provide an updated configuration to the connected Agents
    • Review the Agents assigned to a group and see their status

Please refer to the User Guide > /wiki/spaces/SAM/pages/2172977159 for more details.

This new functionality uses a pull process to obtain the agent policy from SAM. This replaces the previous method of pushing configuration from AMC (a Snare Central component) to the Snare Agents.

Recommendation

Customers who use AMC to push configuration to the Agents are encouraged to migrate to this new pull mechanism, where Agent policies are defined in SAM and Agents pull their policy updates from SAM.
This new mechanism is more secure for the endpoints and provides the ability to manage Agent configuration without having web access enabled on every endpoint managed by a Snare Agent.
Please see the AMC to SAM Migration Guide for details.

The existing AMC in Snare Central will be deprecated at a future date that is yet to be announced, as customers will only be able to manage agent policies from SAM in the future.

  • Added a new setting under Email Alerts that allows selecting or deselecting License Features for exceeded allowance alerts. This will allow users to opt out of receiving email alerts for alternative features
  • Introduced Agent license cache for better performance
  • Revamped SAM header and sidebar
  • General performance improvements in memory management

Bug Fixes

  • Resolved an issue where there could be a delay in Agent detection and license allocation
  • A new license is now automatically distributed to Agents whose license has expired
  • Fixed incorrect Agents count in the upcoming license expiry warning
  • Fixed an issue in the Agent License "Replace With" drop-down list, where only the current feature license ID could be listed

User Guide

The following is an offline version of the User Guide related to this release.


For an up-to-date version refer to the online version here.