Snare

-
Enhancement Request: Capturing Snare Agent installation date and time
Proquire One is requesting to have a feature that capture the Snare agent installation date and time from the Snare Agent console (5.3.3) or Snare Agent Manager console as this information is needed sometimes for troubleshooting.
1 vote -
Possibility to export event search data to pdf or txt or csv
Ability to export data from the event search module to a pdf file or txt file or csv file.
1 voteThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Support for spaces in user names taken from active directory/LDAP
"space" in the username is not allowed in Snare Central
1 vote -
Annotation Capability on Single Events for Compliance Purposes
For compliance purposes (NIST, CMMC, etc) customers want the ability to annotate single events with comments on the logs. These comments would appear on any report that this log shows up on. It also shows to auditors that the logs are being reviewed.
Ex. Log with escalated privileges, be able to annotate that it was a result of adding a new user to the organization and this was a known action.
1 voteThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
API call to add devices into the SAM
Would be very helpful to have an API call to the SAM to add new agents into the SAM.
1 voteThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Ability to select the different destinations for objects in the Snare Agent
In the Snare agent now you can set multiple destination. Would be helpful if for each object defined in the agent you can set what destination is used or multiple destination.
1 voteThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Office 365 Logs to be integrated into Snare via the Office 365 Management API
We are currently moving our office environment to the local server based environment to and Office 365 environment. We would like to be able to collect Office 365 into our SIEM and make auditing easier. Office 365 seems to be the software for many moving forward, especially in the current circumstances of COVID-19 and working remotely.
2 votesThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team
-
Event Trace Log (ETL) - Microsoft DNS Server Analytic Logs
As a Snare Enterprise agent user I desire the ability to read and transmit via syslog Event Trace Log (ETL) files. One example in which this feature would be valuable is the reading and transmission of Microsoft DNS Server Analytic Logs.
1 voteThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Snare Agent caching for Flat Files
I would like to see a "counter" for the Flat File monitoring by the SAM agent. I understand that the Snare agent is able to resend the logs by resetting the counter inside the target computer's registry. Can we have this for the Flat File Monitoring as well?
1 voteThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
TLS Mutual Authentication for Windows Snare Agent
Besides plan TLS and TLS Auth, allow TLS Mutual Authentication (where both the agent and destination have certificates and must verify each other).
1 voteThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Enable Snare Agent to automatically select a certificate
The customer must currently select the Certificate to be used.
6 votesThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Snare Agents TLS setting to disable TLS CRL verification
most common TLS clients (web browsers) don't check CRLs (cert revocation lists) or do soft failure. It would be nice to do the same in SNARE, so that CRL fetch outage doesnt cause logging outage
2 votesThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Customisation of Snare logging formats for different event types (especially for Linux) so our SIEM can understand them
Snare logs when installed on Linux do not send syslog + FIM events in a format that a SIEM like QRadar, Arcsight, AlienVault, Splunk natively understand. This is because the Snare agent re-writes the log. We want to be able to send those logs in their native format or a custom format we choose.This way, we can send Linux logs in their native format and send FIM logs that look different so the SIEM can handle them differently. This is currently why we don't use or recommend Snare for Linux FIM monitoring.
3 votesThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Add SNMP support to Snare Central
SNMP enabled for query on the Snare Server to monitor health of our Snare server.
3 votesThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Multiple account available for use with SAM
The Snare Agent Manager has only a single login available for use. This causes a problem in providing the login to users that you don’t wish to have administrative access to the SAM.
3 votesThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Bulk actions - Delete multiple agents from database at once
Right now if you want to clear out old agents (usually Legacy agents) you have to delete them individually. When you have over 1000 of them it is unworkable. Provide option to "select all" or select all from a filter and do bulk delete on them.
2 votesThis task is being reviewed by the Snare Development Team
-
Snare Agent Manager settings to restrict the IP address that accesses the WebUI
The customer would like to have the same method that we use to restrict access to the WebUI for the Agents added to the SAM.
2 votesThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
1 vote
Thank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Show how much data is being reflected to a destination on a daily, weekly or monthly type report
Need to show how much data is being reflected in executive reports. The current Snare Central Reflector page only shows a rolling 24 hour volume.
2 votesThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
-
Add multiple networks in batch (import from CSV or just paste a list of networks)
Allow the user to add multiple networks to the SAM at once, either by importing a list of networks or pasting in a list of networks.
1 voteThank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.
- Don't see your idea?