Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

New Snare Agents - Released

by

We are pleased to announce the release of three new Enterprise Snare Agents, the Snare Agent for MAC OSX, and two browser Agents - Firefox and Chrome.

Snare for OSX allows event logs from the OSX subsystem to be collected from the operating system, and forwarded to a remote audit event collection facility after appropriate filtering. Snare for OSX operates as an ‘audit dispatcher’ application that receives the audit log data, with Snare directing auditd to generate events that will electively filter out event data that you are not interested in, formats the resulting data into something that is more suited to follow-on processing, and delivers it to one or more remote systems over the network. Snare for OSX is known to work on OSX 10.7 (Lion), OSX 10.8 (Snow Lion), OSX 10.9 (Mavericks).

When you access a web site, your Firefox browser connects to the main destination page, downloads the HTML data, and then attempts to access any additional files referenced by the page in question; these may be images, cascading style sheet files, or a range of other alternatives. Snare will log each of these access requests, and report the details of the transaction.

The Snare for Chrome agent provides a valuable audit trail of user activity, and by association, any malicious activity injected by remote sites into the users’ web requests. Data is passed to a Snare Server, or compatible application, for analysis, and includes information on the URL accessed (ie: the web page, or image, or cascading style sheet), the date/time, the length of the request, the response, and the page from which the resource was requested.

The two browser agents are provided at no cost to those that have already purchased the Snare Product Suite.

Snare Server Updates

by

Snare Server Version 6.3.2 has been released. The product update features:

New Features:

  • Added support for the upcoming V4.0.0 releases of the Snare Enterprise Agents for Linux and Solaris.
  • Added a new objective for Windows USB events into the default objectives installed as part of a fresh install of the Snare Server

In addition to the previous updates which included the following new features:

  • Support was added into the collection system for the AppleBSM audit events provided by the new Snare Agent for OSX (to be released in the near future).
  • An option was added to the Configuration Wizard to allow customers to disable the daily Pre-Cache functionality, if instructed by a Snare Support Representative. This option disables the daily pre-cache functionality of the internal Snare Database, which can, in rare instances, use more resources during the caching process than are actually saved during the report generation process when caching is enabled.
  • With larger and larger drives being used for the storage of log data, the ‘percentage free space’ warning and problem threshold settings on the Snare Server Health Checker, have been migrated to a ‘gigabytes free’ model. As part of the server update process, your previous settings will be automatically converted to the new format.

Complete Release Note: Snare Server Version 6.3.2 Release Notes

Detecting Advanced Persistent Threats with Enterprise Snare Agents

by

Advanced Persistent Threats, better known as APT’s, are gaining a lot of media attention lately.

Unlike traditional malware, these are stealthy, performing various sequences of activities to avoid detection. An APT is a targeted attack that seeks to harvest critical information, such as proprietary data, source code, or operational plans. click here

Snare System Updates

by

Symtrex is please to announce the latest updates on the Snare System. These updates include:

Enterprise Snare Agent for Windows Version 4.2 - Within this release a number of updates have been added to assist organizations in managing the configuration and the output of the events logs, including the ability to use a plugin for the Microsoft Group Policy Editor, truncating large verbose event data as well as throttling the EPS on each agent to allow for burst activity during the day. Please see Snare For Windows 4.2 Release Notes .

Enterprise Epilog for Windows and the Enterprise Snare Agent for MS SQL, also have added the plugin for the Microsoft Group Policy and the event throttling - Please see Snare Epilog for Windows 1.7 Release Notes andSnare for MS SQL 1.2 Release Notes.

The Snare Server Version 6.2.2 has also been released, with this new release there are a number of feature enhancements including optimized users and groups import speed, and support for the Windows 4.2 Agent. Please see Snare Server Version 6.2.2 Release Notes.