Snare (software)


Snare (sometimes also written as SNARE, an acronym for System iNtrusion Analysis and Reporting Environment) is a collection of software tools that collect audit log data from a variety of operating systems and applications to facilitate centralised log analysis. Enterprise agents are available for Linux, macOS, Windows, Solaris, Microsoft SQL Server, a variety of browsers, and more. Snare Enterprise Epilog for Windows facilitates the central collection and processing of Windows text-based log files such as those produced by ISA/IIS. Snare Enterprise Epilog for Unix provides a method to collect any text-based log files on the Linux and Solaris operating systems. Open-source agents are available for Irix and AIX.


Snare is currently used by hundreds of thousands of individuals and organisations worldwide to meet local and federal information security guidelines associated with auditing and event log collection.[1]

[Figure: Snare for Windows - Objective configuration]

History

The Snare series of agents began life in 2001 when the team at InterSect Alliance created a Linux kernel module to implement Trusted Computer System Evaluation Criteria auditing at the C2 level.

Agents for Windows and Solaris soon followed, and additional operating systems and applications were added to the mix over time.

The Snare Server software was originally designed to meet the needs of Australian-based intelligence agency clients, and distribution was restricted to Australia only. The need for a server solution to complement the increasingly popular Snare agents pushed the InterSect Alliance team to find overseas partners and allow distribution internationally.

Distribution

Snare has been described as the "de facto standard for Windows event retrieval",[2] and because of its deep roots in the open-source movement, coupled with available commercial support options, it is used by small non-profit organisations right up to huge multinational Fortune 500 companies.

Organisations that produce audit server software that competes with the Snare Server software, such as Cisco,[3] Sensage,[2] and LogLogic,[4] all use and recommend the Snare agents to their customers.

Most agents are available in both a supported commercial version and an open-source version.

Design

The Snare agents have been designed to collect audit log data from a host system and push the data as quickly as possible to a central server (or servers) for archive, analysis, and reporting.

The central server can be a syslog server, a Snare Server appliance, or a custom application. Snare agents are also able to push logs over a unidirectional (one-way) network link in order to facilitate log transfer from networks of lower classification to networks of higher classification.

The Snare Server is an appliance or software-only solution that provides a variety of analysis tools to facilitate the collection, analysis, reporting, and archival of audit log data.

Snare Product Suite


References

  1. "InterSect Alliance". Retrieved 2008-06-23.
  2. "Sensage" (PDF). Archived (PDF) from the original on 2008-08-27. Retrieved 2008-06-24.
  3. "Cisco". Retrieved 2008-06-24.
  4. "LogLogic". Archived from the original on 2008-02-21. Retrieved 2008-06-24.