Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 16 Next »


This page allows to configure access to Snare Agent via web User Interface, as well as establish communication with Snare Agent Manager (SAM).
Web UI can be used for configuring Snare Agent and monitoring its operation.

The following options may be set for remote control operation:

  • Restrict remote control of SNARE agent to certain hosts. This feature indicates whether to allow remote control of the Snare Agent. This option is also configurable at the time of installation. Enabling this option will allow the Snare Agent to be remote controlled from another machine via a web browser or the Snare Server's Agent Management Console. If the remote control feature is unselected, it may only be turned on by enabling the correct registry key on the hosted PC in which the Snare Agent has been installed.
  • IP Address allowed to remote control SNARE. Remote control actions may be limited to a given host. This host, entered as an IP address in this field, will only allow remote connections to be effected from the stated IP address. Note that access control based on source IP address is prone to spoofing, and should be considered as a security measure used in conjunction with other countermeasures.
  • Require a password for remote control? Indicate whether a password will be set so that only authorised individuals may access the remote control functions.
  • Password to allow remote control of SNARE. If above checkbox is set, set the password. If accessing the remote control functions through a browser or custom designed tool, note that the userid is 'snare', and the password is whatever has been set through this setting. This password is stored in an encrypted form in the registry, using the MD5 hashing algorithm.
  • Max number of failed attempts allowed Indicates the number of failed login attempts to be allowed before the agent will be locked. Accepted number of failed login attempts is 3 to 6. Default value is 3.
  • Lock timeout (minutes) after max failed attempts Indicates the lock duration in minutes if the agent is locked due to the maximum failed login attempts. Accepted duration (minutes) is 15 to 60. Default value is 15.
  • Web Server Port. Normally, a web server operates on port 80. If this is the case, then a user need only type the address into the browser to access the site. If however, a web server is operating on port (say) 6161, then the user needs to type https://mysite.com:6161 to reach the web server. Note the new server port, as it will need to be placed in the URL needed to access the Snare agent.
  • Require at least TLS 1.3 for browser connections to Agent Website. When unchecked (default), Snare Agent supports TLS 1.2 and TLS 1.3 for web connections. When checked, TLS 1.2 is explicitly disabled; browsers connecting to the agent website must support at least TLS 1.3 for ssl connections.
  • Snare Agent Manager IP. The IP address or FQDN of SAM (or localhost may be used if on same machine).  The agent will communicate with SAM via this IP and try to connect.
  • Snare Agent Manager Port. The port number of SAM machine the agent will try to connect using IP:Port combination.  Default is 6262.
  • Snare Agent Manager Authentication Key. It is the secret key that the agent uses for authentication while making the connection with the SAM. The agent will not be able to continue connection with the SAM if this key is invalid. This key is generated by administrators on SAM.  On installation of the agent the default key is DEFAULT_AUTH_KEY__USER_TO_UPDATE, and this is also the default on SAM in Settings|General.


To save and set the changes to the above settings, and to ensure the audit daemon has received the new configuration perform the following:

  1. Click on Change Configuration to save any changes to the registry.
  2. Click on the Apply Configuration & Restart Service menu item.
  • No labels