Navigating the Snare Central User Interface v8.0.0
Snare Central provides an interactive application interface that uses drag and drop, popup dialogs, and dynamically updating data. The Snare Central interface is generally divided into four 'panels', as shown in false-colour in the image below.
Top Panel
The 'green' panel provides buttons for performing common functions and switching between the different navigation menus. Some of these buttons are greyed out when they are not available for use for the current objective. These buttons are, in order left to right:
- The Snare Logo, which takes you back to the dashboard.
- Modify the configuration of the currently open objective.
- Change who can access, or modify the configuration of the currently open objective.
- Configure the objective to regenerate on schedule, and modify the email distribution list.
- Add the currently displayed objective to the regeneration queue.
- Displays the currently queued and regenerating objectives.
- Provides the option to download attachments generated by the currently open objective.
- Logs you out of your current session on the Server.
- Switch to the Agent Management Console.
- Switch to the Reports navigation menu mode.
- Switch to the Status navigation menu mode.
- Switch to the System navigation menu mode.
Objective Navigation Panel
The 'blue' panel, also known as the 'Objective Navigation Panel', provides the ability to select individual objectives to be displayed. The behavior of this section is slightly different, depending on whether you have chosen the 'Reports', the 'Status' or 'System' areas.
All three areas support a 'tree' style interface, where containers can be expanded or contracted to hide or reveal objectives. All three areas display objectives in natural alphabetic order, with containers prioritised before objectives. All three also provide the ability to expand, contract or collapse the navigation panel by using the left-right arrow icons that are displayed to the right of the navigation panel title. The 'Reports' area, however, also offers the ability to:
- Drag and drop objectives from one container to another.
- Create new containers and objectives using the 'Add New Objective' and 'Add New Container' links.
- Clone, rename, delete, or modify the icons of objectives, by right-clicking on an objective. A pop-up menu will appear providing these options.
- Rename, recursively delete, or export the contents of a container, by right-clicking on a container. A pop-up menu will appear providing these options.
- Search for events using a search-engine style interface across multiple log sources, with 'Dynamic Search'.
A range of default objectives will be installed in the 'Reports' area for you by the Snare Central Installation process.
Dynamic Search
Dynamic Search may be used to quickly sift through information across multiple log sources, at the expense of completeness. The following filters are available for this tool:
- Find Events that contain: enter a string or event id
- Within the following date range: select from a date range or time period e.g. This Month
- Data Sources to Search: potential data sources which may be sending log data to Snare Central e.g. WinSecurity, GenericSyslog
- Query Timeout (seconds): defaults to 60 seconds, but may be increased if searching on a larger subset of data sources or time range.
Note that data that arrives at the Snare Server may take up to fifteen minutes to process and become available for this objective.
The Objective Navigation Panel can be partially hidden from view, by clicking the left-pointing arrow at the top-right of the navigation panel. The panel will be 'folded' into the side of the window. A small, right-pointing arrow will remain in place, to restore the panel to normal size.
The panel can also be expanded and contracted by smaller increments, using the left/right pointing arrows.
Status Panel
The 'purple' panel will display information relating to the currently selected objective, such as a summary of the objective configuration settings that have been modified, or the current progress towards completion while the objective is regenerating.
Over to the right-hand side of the area, the amount of time that the server has been running without reboot will also be displayed, and if the Snare Central Health Checker needs to inform you of an issue that requires your attention, an animated notification icon may also be displayed. This icon may be clicked on for further information.
Objective Panel
The 'yellow' panel is where objectives are actually displayed. When you select an objective from the 'blue' panel, this panel updates to show you the objective.
Many objectives display portions of the objective results in 'tabs' at the top of the page. These can be individually clicked to scan through the results. The type and function of these components are objective-dependent, but will often include:
- A 'pattern map', which shows volumes of events, divided up into 15 minute segments for the reporting period.
- Tabular details, which display a configurable proportion of the results.
- Various line graphs, bar graphs, port-maps, geolocation maps, or pie graphs.
Many objectives will also have interactive components that can be clicked to:
- Drill down for more information
- Page between results
- Sort data within a table
In order to provide a modern, interactive user interface, Snare Central utilises some features available only in more modern browsers. Users of Internet Explorer version 8 or prior, or Firefox 3 or prior, may experience slow response from JavaScript engines, poor quality graphics, or other degraded capabilities.