There is a Windows version of the SAM available for download. There should also be a Linux version of this for download too. This way you don't need to purchase a Snare central server when it's not needed. Also this way it can be installed on a shared server.

Can you please add the ability to select more than one agent in the SAM at once for agent upgrades? We have implemented tagging, thinking that we would be able to select everything for a certain tag, and deploy the agent upgrades to those assets at once, but we are only able to select one agent at a time. We should be able to deploy to a tag as well. With 6000+ agents listed, selecting each is time consuming!
Also, can you please add the ability to increase the failout limit to more than 100 before everything stops?

Request to have a feature that capture the Snare agent installation date and time from the Snare Agent console (5.3.3) or Snare Agent Manager console as this information is needed sometimes for troubleshooting.

For compliance purposes (NIST, CMMC, etc) customers want the ability to annotate single events with comments on the logs. These comments would appear on any report that this log shows up on. It also shows to auditors that the logs are being reviewed.

Ex. Log with escalated privileges, be able to annotate that it was a result of adding a new user to the organization and this was a known action.

Would be very helpful to have an API call to the SAM to add new agents into the SAM.

In the Snare agent now you can set multiple destination. Would be helpful if for each object defined in the agent you can set what destination is used or multiple destination.

As a Snare Enterprise agent user I desire the ability to read and transmit via syslog Event Trace Log (ETL) files. One example in which this feature would be valuable is the reading and transmission of Microsoft DNS Server Analytic Logs.

We are currently moving our office environment to the local server based environment to and Office 365 environment. We would like to be able to collect Office 365 into our SIEM and make auditing easier. Office 365 seems to be the software for many moving forward, especially in the current circumstances of COVID-19 and working remotely.

I would like to see a "counter" for the Flat File monitoring by the SAM agent. I understand that the Snare agent is able to resend the logs by resetting the counter inside the target computer's registry. Can we have this for the Flat File Monitoring as well?

Besides plan TLS and TLS Auth, allow TLS Mutual Authentication (where both the agent and destination have certificates and must verify each other).

most common TLS clients (web browsers) don't check CRLs (cert revocation lists) or do soft failure. It would be nice to do the same in SNARE, so that CRL fetch outage doesnt cause logging outage

SNMP enabled for query on the Snare Server to monitor health of our Snare server.

Allow the user to add multiple networks to the SAM at once, either by importing a list of networks or pasting in a list of networks.

The customer would like to have the same method that we use to restrict access to the WebUI for the Agents added to the SAM.

Have the WebUI's timeout changed or have an option to adjust the timeout time

Snare logs when installed on Linux do not send syslog + FIM events in a format that a SIEM like QRadar, Arcsight, AlienVault, Splunk natively understand. This is because the Snare agent re-writes the log. We want to be able to send those logs in their native format or a custom format we choose.This way, we can send Linux logs in their native format and send FIM logs that look different so the SIEM can handle them differently. This is currently why we don't use or recommend Snare for Linux FIM monitoring.

Pattern Map Details in reports do not allow selection of columns. Certain fields such as DETAILS and STRING are large and take up a large amount of screen estate.

Although the Tabular details allows inclusion or exclusion of fields the Pattern Map’s details does not allow that customization and shows fields that are not desired.

Snare Central does not currently have an option to save logs in an uncompressed format.

The customer must currently select the Certificate to be used.