Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

Profile

Snare Agent for Linux

by

We are pleased to announce the updated Snare Agent for Linux has been released. Our clients can login to their client areas to download the latest version.

The latest version has some added features/enhancements:

  • Implement Exclude Rules in Linux agent
  • LastLogins options needs to be implemented
  • Various UI pages are formatted incorrectly
  • Config file permissions need modification

Download the Release Notes for Snare Agent for Linux 4.1.0.

Some of the features of the Snare Enterprise Agent for Linux include:

  • Caching of events in case of a network disruption, ensuring that events are not lost
  • Log message delivery with TCP.
  • Log to multiple destinations
  • Encrypt messages between the agent and the Snare Server.
  • Allowing the event log record to be formatted so it is accepted by a SYSLOG server.
  • UTC (Coordinated Universal Time) timestamp format for events instead of local machine time zone format.
  • Allow security administrators to either locally or remotely monitor changes to the agent’s configuration through a standard web browser.

Contact us with any questions

Snare Server Update

by

We are pleased to announce the latest update to the Snare Server - Version 6.3.4. You can view the Snare Server Version 6.3.4 Release Notes.

The Snare Product Suite is comprised of the Snare Server and the Enterprise Snare Agents allowing an organization to capture and report on the relevant security events to assist with compliance and best security practices.

The Snare Product Suite is an enterprise class Security Event Management system that has been designed as either a standalone product or can be used in large organizations to facilitate collection of the security events and send them to a master collector for further analysis or to another SIEM.

To learn more about the Snare Product Suite including the Enterprise Snare Agents, contact us.

Enterprise Snare Agent for MS SQL - Update

by

Updated Snare Agent for MS SQL has been released and is available for our clients. This release has the following Bug Fixes

  • Check Group issues for standalone mode
  • Check Group option does not work for another domain

and Enhancements:

  • Improved -x command output in cluster mode
  • Enhanced debug messages

Download the complete Release Notes for MS SQL Version 1.2.8 or contact us for more details.

Snare Agent Updates

by

Please note that the following Snare Agents have been updated and are now available:

  • Enterprise Snare Agent for Windows
  • Enterprise Snare Epilog for Windows
  • Enterprise MS SQL Agent

These release are primarily to address the following issues with the agents:

  • Registry handle leak -Fix the registry handle leak issue that was causing the increasing number of registry handles. In severe cases, this issue could cause the frequent restart of the Snare service.
  • Man-in-the-middle attack in OpenSSL pre v1.0.1h -An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable Snare Windows Agent (pre v4.2.5) and a vulnerable third party log collector using TLS. This Snare Windows agent is not vulnerable to this attack if a pre v4.2.5 Snare is communicating with a Snare Server. Snare v4.2.5 is built using OpenSSL v1.0.1h that fixes this issue on Snare Windows agent side. Customers are also encouraged to update their log collectors to OpenSSL v1.0.1h so that vulnerability can be removed from both sides.
  • Objective exclude filter bug (Windows Agent Only) -Objectives allow events to be included or excluded depending on various matching criteria. A bug in previous versions resulted in the exclude option only taking full effect when applied to the ‘Event ID’ match objective. All other exclude options were ignored if a wild card match objective was performed after theexcluded match objective. This fix ensures the exclude option works correctly on the whole event including”event id”, “general match”, “user name” and “event source” fields, so that a wild card match objective after the exclude objective does not permit the excluded data.

For complete release notes ->