News
- Solutionary: IAI is very proud to announce that Solutionary has selected Snare as their technology partner for the ActiveGUARD managed service platform.
- InterSect Alliance International: As some are already aware, InterSect Alliance was recently purchased by Prophecy International, and is now InterSect Alliance International Pty Ltd. More good news to come.
The Snare and Epilog agents, from InterSect Alliance, are considered to be the de facto industry standard for event log and audit log collection.
The agents are available in two different versions:
- The Snare and Epilog Enterprise Agents - The industry standard for capturing and filtering audit and event log data, in a supported package, and with an enterprise-level feature set, including guaranteed delivery, encryption, and custom event sources.
- Snare and Epilog: Open source editions - Audit and event log collection, with code available under the terms of the GNU Public License.
| Feature | Enterprise Edition | Open Source Edition |
| Guaranteed message delivery (TCP) |  | |
| Event log caching |  | |
| Encryption (with the Snare Server) |  | |
| Log message simulcasting |  | |
| Dynamic DNS support |  | |
| Centralized configuration management |  | |
| Custom Windows eventLog sources |  | |
| Vendor product support |  | |
| Easy to use installer |  |  |
| Filter for events of interest |  |  |
| Remote control interface |  |  |
| View local and network users and groups |  |  |
| View local Registry configuration |  |  |
| UDP and Syslog destination options |  |  |
| Non-GUI install option |  |  |
| Upgrade option to preserve existing configuration settings |  |  |
| Debug mode |  |  |
Snare Agent for Solaris
Snare for Solaris provides front-end filtering, remote control, and remote distribution for Solaris audit data, interfacing with the underlying Sun "Basic Security Module".
Snare for Solaris can be used as a standalone auditing tool, or can send data to the Snare Server for analysis and storage.
Snare replaces the normal Solaris C2 Audit collection and reporting subsystem, minimising client resource utilisation and administrative overhead.
The Solaris BSM C2 Audit Subsystem allows users to record operating system events to a local or NFS-mounted filesystem. Details on this functionality can be found in the Snare for Solaris documentation, available from our 'Resources' page.
The Solaris C2 audit daemon writes binary event data to the local file system, utilising local workstation/server disk resources for temporary storage, and administrator resources to facilitate the conversion of binary audit data to a usable text format suitable for incident analysis. In cases where events have been selected that produce a large volume of audit information (for example file "open" events), hundreds of megabytes, or even gigabytes, need to be allocated for storage on the client machine. This process utilises significant system and administrator resources that are often more appropriately allocated to the normal operational tasks that the workstation or server performs.
On a large network of Solaris servers and workstations, the management overhead can quickly become onerous, particularly when audit log data needs to be transferred to a central server for consolidation, analysis and archive.
InterSect Alliance have developed software that interfaces with the Solaris auditsvc() system call to convert audit events to text format, then send the converted data back to a central location over the network (via UDP) in real-time, allowing security administrators to implement a centralised audit collection, analysis and archive facility with minimal audit client resource utilisation.
Snare is currently used by hundreds of thousands of individuals and organisations worldwide. Snare for Solaris is used by many large Financial, Insurance, Healthcare, Defence, Aerospace, and Intelligence organisations to meet elements of local and federal security requirements, such as:
- ACSI 33
- GLBA (Gramm-Leach-Bliley Act)
- Sarbanes-Oxley (SOX)
- C2 / CAPP
- DCID 6/3
- DIAM 50-4
- DDS-2600-5502-87 Chapter 4
- NISPOM Chapter 8
- HIPAA
- PCI DSS
- California Senate Bill 1386
- USA Patriot Act
- Danish Standard DS-484:2005
- British Standard BS7799
Snare for Solaris (formerly known as BackLog for Solaris) is available under the terms of the GNU Public Licence.
Screenshots:
- SNARE GUI - Main Window
- SNARE GUI - Audit Configuration
- SNARE GUI - Objective Configuration
- SNARE GUI - Event Details
- SNARE Micro-Web server - Remote Control Configuration
Documentation for Snare for Solaris is available from our resources page.
The Sourceforge development website shows support for the open source development community by providing SNARE with a home away from home, and Snare support forums.
Snare for Solaris downloads:
Like to keep up to date with Snare releases? Sourceforge offers an email notification service that will send you an email each time we release a new version of Snare. Log in to Sourceforge using an existing OpenID-compatible account, then go to the Snare tracker page and hit the 'Monitor' button to set this up.
Snare Server
With its origins in open source software, the Snare Server from InterSect Alliance provides a central collection, analysis, reporting and archival tool for a very wide variety of log formats.