Snare (software)

Snare (sometimes also written as SNARE, an acronym for System iNtrusion Analysis and Reporting Environment) is a collection of software tools that collect audit log data from a variety of operating systems and applications to facilitate centralised log analysis. Enterprise Agents are available for Linux, macOS, Windows, Solaris, Microsoft SQL Server, a variety of browsers, and more. Snare Enterprise Epilog for Windows facilitates the central collection and processing of Windows text-based log files such as ISA/IIS logs. Snare Enterprise Epilog for Unix provides a method to collect any text-based log files on the Linux and Solaris operating systems. Open-source agents are available for IRIX and AIX.

Snare is currently used by hundreds of thousands of individuals and organisations worldwide to meet local and federal information security guidelines associated with auditing and event log collection. [1]

[Figure: Snare for Windows - Objective configuration]

History

The Snare series of agents began life in 2001 when the team at InterSect Alliance created a Linux kernel module to implement Trusted Computer System Evaluation Criteria auditing at the C2 level.

Agents for Windows and Solaris soon followed, and additional operating systems and applications were added to the mix over time.

The Snare Server software was originally designed to meet the needs of Australian-based intelligence agency clients, and distribution was restricted to Australia only. The need for a server solution to complement the increasingly popular Snare agents pushed the InterSect Alliance team to find overseas partners and allow distribution internationally.

Distribution

Snare has been described as the 'de facto standard for Windows event retrieval', [2] and because of its deep roots in the open source movement, coupled with available commercial support options, it is used by organisations ranging from small non-profits to large multinational Fortune 500 companies.

Organisations that produce audit server software competing with the Snare Server software, such as Cisco, [3] Sensage, [4] and LogLogic, [5] all use and recommend the Snare agents to their customers.

Most agents are available in both a supported commercial version and an open-source version.

Design

The Snare agents are designed to collect audit log data from a host system and push the data as quickly as possible to a central server (or servers) for archiving, analysis, and reporting.

The central server can be either a syslog server, a Snare Server appliance, or a custom application. Snare agents are also able to push logs over a unidirectional network in order to facilitate log transfer from networks of low classification to networks of higher classification.

The Snare Server is an appliance or software-only solution that provides a variety of analysis tools to facilitate the collection, analysis, reporting, and archival of audit log data.

References

  1. "InterSect Alliance". Retrieved 2008-06-23.
  2. "Sensage" (PDF). Retrieved 2008-06-24.
  3. "Cisco". Retrieved 2008-06-24.
  4. "Sensage" (PDF). Retrieved 2008-06-24.
  5. "LogLogic". Archived from the original on 2008-02-21. Retrieved 2008-06-24.