The Snare Enterprise Agents build upon the hugely popular open source Snare Agents by providing extensions specifically designed to greatly enhance the 3 pillars of information security: Confidentiality, Integrity and Availability of critical log data.
Enterprise Agents are available for Windows (for use up to and including Windows 2012), Linux, Solaris, AIX, Irix, Epilog Agents for Windows and Unix, and MS SQLThe Agents can be used to collect the event logs and send to either the Snare Server or other SIEM products.
The benefits of using the Enterprise Agents are numerous, and include:
- Access to the official support mechanism for Snare agents.
- The ability to quickly and easily gather the necessary information to comply with NISPOM, PCI, SOX or other regulatory requirements.
- Access to all future Snare Enterprise Agent versions and upgrades (included as part of the annual maintenance fee).
Feature summary - Open Source Versus Enterprise are detailed below:
| Feature |
Open Source Agents
|
Enterprise Agents
|
| Vendor Support - updated and supported for compliance |
 |
|
| Windows 2012/Windows 2008 |
|
|
| Capture All Windows Event Logs - |
|
|
| Event Log Caching - caching of events in case of network disruption or server maintenance |
|
|
| Sending logs via TCP |
|
|
| Encryption with TLS/SSL or 3DES - protecting the confidentiality and integrity of log messages in transit |
|
|
| Monitor Registry Events - ability to apply auditing to sections of the registry and report changes |
|
|
| Dynamic DNS - provides uninterrupted operation |
|
|
| USB Devices - ability to monitor the use of USB devices and removable media |
|
|
| UTC Time Zone |
|
|
| Agent Heartbeat |
|
|
| Multiple destinations or log simulcasting |
|
|
| Single MSI - a single smart MSI for all windows platforms |
|
|
| Monitor Policy Status - the agent sends an audit event any time it attempts to make a change to the local security policy |
|
|
| Group Policy Support |
|
|
| Centralized configuration management (only with the Snare Server) |
|
|
| Regular expression for General Search Match - allows matching event text using Perl Compatible Regular Expression syntax giving more flexible search options |
|
|
| Truncation of Verbose Event Text - to reduce server resource wastage, events may be truncated by matching on simply text phases |
|
|
| Light on Resources |  |
|
| Real Time Event Filtering | |
|
| Installer | |
|
| UDP | |
|
| Locale Date Information | |
|
| Latency and Real Time | |
|
| Easily Tailorable to Event Log Format | |
|
| Remote Control Interface | |
|
| Native OS Audit Control | |
|
| Upgrading | |
|
For more information, please contact us , the Enterprise Snare Agent Datasheet or request a quote.
