“Who did what, when, where and why?”
Centralized Log Management and Analysis is essential to assuring the integrity of critical logs, achieving compliance with the growing list of regulations, and meeting internal security requirements.
The process of transmitting log files across public or even private networks can work against these objectives. In the past, performing these tasks has been complicated, costly and time consuming, until now.
The SNARE System is a Security Information Management tool which comprises two components - SNARE agents and the SNARE Server. The system, which is developed by Intersect Alliance, is one of the most comprehensive tools, providing real-time data collection, a monitoring console, data filtering and event aggregation at the source through the use of the SNARE agents.
The Snare System Product Overview
The Snare System provides clear, concise, accurate reporting of the information that is pertinent to your organization's security and audit requirements.
The Snare Server provides a dashboard view of all pertinent audit events from a heterogeneous network. All incoming events (from Snare Agents and from system log enabled devices) are received into a Snare Server, enabling them to be analyzed, recorded and reported based on the corporate audit requirements. The Snare Server has a large library of security objective reports, in addition to the ability to create ad hoc reports or adjust the templated security objectives, providing flexibility to an organization's reporting structure. These comprehensive reports can then be automatically emailed to the security individual responsible for those systems and audit requirements on a daily, weekly or monthly basis. The reports can also be viewed interactively from the web interface.
The Snare Agents have been developed for a number of applications and operating systems such as Windows, Solaris, AIX, Irix, Linux, ISA, IIS, etc. The Agents are installed and configured on systems that are to be monitored for specific audit activity. They forward only those events that match the configured audit criteria to the Snare Server. The Open Source Agents are licensed under the GPL and can be downloaded from SourceForge.
The Snare Enterprise Agents have been developed for use with the Snare Server or another SIEM product and provide added functionality. The Enterprise Agents have been developed for Windows, Solaris, Linux, AIX and Irix, plus two Epilog Agents for Windows and Unix which enable collection of the application log files for such items as ISA, IIS, Exchange, Squid, and Apache. In addition there is an MS SQL Agent.
The Snare System Toolset allows for a consolidated view of all your audit requirements on your network.
The data is accumulated in a datastore, which can be archived by date and by machine/IP address for forensic and archival purposes. The data itself is stored in a delimited text format, which can be accessed on demand and imported into third-party reporting/analysis software tools if required.
The Snare Server is supplied as an ISO image via a download from your client area, or a fulfillment package can be ordered.