Have an idea?

Share it with us or vote on other people’s ideas. Our product team is listening.

Snare




Welcome to the user feedback forum for Snare, a suite of security and compliance products that range from small footprint, highly effective device and network logging and log-management tools through to advanced IT infrastructure threat protection solutions.
  1. AWS cloudtrail collection

    Add the functionality to collect from AWS cloudtrail and parse aws logs.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Central  ·  Flag idea as inappropriate…  ·  Admin →
  2. Azure event hub collection

    Add the functionality to collect from azure event hubs and parse azure logs.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Central  ·  Flag idea as inappropriate…  ·  Admin →
  3. Report Scheduling Permissions

    We are currently on version 8.3.1 of the SnareCentral Server. In this version, in order to be able to schedule reports you need to have either an admin or superuser. There are users that we would like to be able to schedule reports without having to give them an admin role. In a future release it would be helpful to able to do this. Thanks.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Include Geo-location for generic syslog report type

    Please make geo-location data available for generic syslog report type. We have configured a regex token for source IP and it would be nice to display geo info for the field. Thanks.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Central  ·  Flag idea as inappropriate…  ·  Admin →
  5. Reduce VDI Licence refresh from 3 days to 1 day

    For VDI deployments reduce SAM minimum 3 days to 1 day or on End of a Session for VDI so licences are released at earliest point. Major Fujitsu VDI project need this.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Agent Manager  ·  Flag idea as inappropriate…  ·  Admin →
  6. Have a Snare/Prophecy SNMP OID for outbound traps and polling

    It would be helpful to have a Private Enterprise Number (PEN) assigned to Snare and/or Prophecy to identify outbound traps. 24 is a really generic OID to use as default.

    Application can be made at: https://pen.iana.org/pen/PenApplication.page

    This could populate the trap SNMP OID in the config wizzard, and also be used in the snmpd.conf to identify the polled servers as Snare instead of generic Net-SNMP.

    It does not require any changes in design, simple config items.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Central  ·  Flag idea as inappropriate…  ·  Admin →
  7. Stand alone Linux SAM.

    There is a Windows version of the SAM available for download. There should also be a Linux version of this for download too. This way you don't need to purchase a Snare central server when it's not needed. Also this way it can be installed on a shared server.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Agent Manager  ·  Flag idea as inappropriate…  ·  Admin →
  8. Select multiple agents at once and increase agent failout to more than 100

    Can you please add the ability to select more than one agent in the SAM at once for agent upgrades? We have implemented tagging, thinking that we would be able to select everything for a certain tag, and deploy the agent upgrades to those assets at once, but we are only able to select one agent at a time. We should be able to deploy to a tag as well. With 6000+ agents listed, selecting each is time consuming!
    Also, can you please add the ability to increase the failout limit to more than 100 before everything stops?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Agent Manager  ·  Flag idea as inappropriate…  ·  Admin →
  9. Possibility to export event search data to pdf or txt or csv

    Ability to export data from the event search module to a pdf file or txt file or csv file.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Central  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for sharing this suggestion. This enhancement is in progress with the Snare Development Team to support CSV exporting of search results. Future updates will enhance this to handle PDF and other formats.

    Further updates will be provided when the release is being packaged.

  10. Capturing Snare Agent installation date and time

    Request to have a feature that capture the Snare agent installation date and time from the Snare Agent console (5.3.3) or Snare Agent Manager console as this information is needed sometimes for troubleshooting.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Annotation Capability on Single Events for Compliance Purposes

    For compliance purposes (NIST, CMMC, etc) customers want the ability to annotate single events with comments on the logs. These comments would appear on any report that this log shows up on. It also shows to auditors that the logs are being reviewed.

    Ex. Log with escalated privileges, be able to annotate that it was a result of adding a new user to the organization and this was a known action.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. API call to add devices into the SAM

    Would be very helpful to have an API call to the SAM to add new agents into the SAM.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Agent Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. Ability to select the different destinations for objects in the Snare Agent

    In the Snare agent now you can set multiple destination. Would be helpful if for each object defined in the agent you can set what destination is used or multiple destination.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Agents  ·  Flag idea as inappropriate…  ·  Admin →
  14. Office 365 Logs to be integrated into Snare via the Office 365 Management API

    We are currently moving our office environment to the local server based environment to and Office 365 environment. We would like to be able to collect Office 365 into our SIEM and make auditing easier. Office 365 seems to be the software for many moving forward, especially in the current circumstances of COVID-19 and working remotely.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Agents  ·  Flag idea as inappropriate…  ·  Admin →
  15. Event Trace Log (ETL) - Microsoft DNS Server Analytic Logs

    As a Snare Enterprise agent user I desire the ability to read and transmit via syslog Event Trace Log (ETL) files. One example in which this feature would be valuable is the reading and transmission of Microsoft DNS Server Analytic Logs.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Agents  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable Snare Agent to automatically select a certificate

    The customer must currently select the Certificate to be used.

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Snare Agents  ·  Flag idea as inappropriate…  ·  Admin →
  17. Snare Agent caching for Flat Files

    I would like to see a "counter" for the Flat File monitoring by the SAM agent. I understand that the Snare agent is able to resend the logs by resetting the counter inside the target computer's registry. Can we have this for the Flat File Monitoring as well?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Agents  ·  Flag idea as inappropriate…  ·  Admin →
  18. TLS Mutual Authentication for Windows Snare Agent

    Besides plan TLS and TLS Auth, allow TLS Mutual Authentication (where both the agent and destination have certificates and must verify each other).

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Snare Agents  ·  Flag idea as inappropriate…  ·  Admin →
  19. Snare Agents TLS setting to disable TLS CRL verification

    most common TLS clients (web browsers) don't check CRLs (cert revocation lists) or do soft failure. It would be nice to do the same in SNARE, so that CRL fetch outage doesnt cause logging outage

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Snare Agents  ·  Flag idea as inappropriate…  ·  Admin →
  20. Customisation of Snare logging formats for different event types (especially for Linux) so our SIEM can understand them

    Snare logs when installed on Linux do not send syslog + FIM events in a format that a SIEM like QRadar, Arcsight, AlienVault, Splunk natively understand. This is because the Snare agent re-writes the log. We want to be able to send those logs in their native format or a custom format we choose.This way, we can send Linux logs in their native format and send FIM logs that look different so the SIEM can handle them differently. This is currently why we don't use or recommend Snare for Linux FIM monitoring.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Snare Agents  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base