[go: up one dir, main page]

Jump to content

Snare (software)

From Wikipedia, the free encyclopedia

Snare (sometimes also written as SNARE, an acronym for System iNtrusion Analysis and Reporting Environment) is a collection of software tools that collect audit log data from a variety of operating systems and applications to facilitate centralised log analysis. Enterprise Agents are available for Linux, macOS, Windows, Solaris, Microsoft SQL Server, a variety of browsers, and more. Snare Enterprise Epilog for Windows facilitates the central collection and processing of Windows text-based log files such as ISA/IIS. Snare Enterprise Epilog for Unix provides a method to collect any text based log files on the Linux and Solaris operating systems. Opensource Agents are available for Irix and AIX.

Snare is currently used by hundreds of thousands of individuals and organisations worldwide to meet local and federal information security guidelines associated with auditing and eventlog collection.[1]

Snare for Windows - Objective configuration

History

[edit]

The Snare series of agents began life in 2001 when the team at InterSect Alliance created a Linux kernel module to implement Trusted Computer System Evaluation Criteria auditing at the C2 level.

Agents for Windows, and Solaris soon followed, and additional operating systems, and applications were added to the mix over time.

The Snare Server software was originally designed to meet the needs of Australian-based intelligence agency clients, and distribution was restricted to Australia only. The need for a server solution to complement the increasingly popular Snare agents, pushed the InterSect Alliance team to find overseas partners, and allow distribution internationally.

Distribution

[edit]

Snare has been described as the 'De Facto standard for Windows event retrieval',[2] and because of its deep roots in the open source movement, coupled with available commercial support options, is used by small non-profit organisations, right up to huge multinational, Fortune-500 companies.

Organisations that produce audit server software that competes with the Snare Server software, such as Cisco,[3] Sensage,[2] and LogLogic ,[4] all use and recommend the Snare agents to their customers.

Most agents have both a supported commercial, and an open-source version available.

Design

[edit]

The Snare agents have been designed to collect audit log data from a host system, and push the data as quickly as possible, to a central server (or servers), for archive, analysis, and reporting.

The central server can be either a syslog server, a Snare Server appliance, or a custom application. Snare agents are also able to push logs over a unidirectional network in order to facilitate log transfer from networks of low classification to networks of higher classification.

The Snare Server is an appliance, or software-only solution, that provides a variety of analysis tools and to facilitate the collection, analysis, reporting, and archival of audit log data.

Snare Product Suite

[edit]
  • Snare Enterprise Agent for Windows
  • Snare Enterprise Agent for Linux
  • Snare Enterprise Agent for Solaris
  • Snare Enterprise Agent for macOS
  • Snare Enterprise Agent for MSSQL
  • Snare Enterprise Epilog for Windows
  • Snare Enterprise Epilog for Unix
  • Snare Central
    • Snare Repository
    • Snare Reflector
    • Snare Agent Management Tools

References

[edit]
  1. ^ "InterSect Alliance". Retrieved 2008-06-23.
  2. ^ a b "Sensage" (PDF). Archived (PDF) from the original on 2008-08-27. Retrieved 2008-06-24.
  3. ^ "Cisco". Retrieved 2008-06-24.
  4. ^ "LogLogic". Archived from the original on 2008-02-21. Retrieved 2008-06-24.
[edit]