News
Snare for Windows - Snare for Windows Version 3.1.7 is now available. This release includes some web interface updates.
NISPOM and PCI - An appendix to the Snare Server User's Guide now contains guidance on how to comply with NISPOM and the PCI Data Security Standard.
Snare Server Version 4.6 is now available with real time reporting. This new version includes a single CD installation for all packages and the OS.
Stats on the agent downloads and visits to our web server are available from Statistics.
The Snare Server is capable of receiving logs from CISCO Routers, Switches, and Firewalls via the syslog protocol.

Supported devices include, but are not limited to: CISCO PIX, CISCO Routers, CISCO 6500 Firewall, CISCO NAS 5300 RAS Logs, and Router logs that have been passed through the 'WhatsUp' collection software.

The Snare Server also provides the capability to connect to the Router or Firewall administrative interface, and download a current copy of the network device access controls. These access controls can be compared against a known 'authorised' ruleset, with changes highlighted to the auditor.

The Snare Server can filter on a wide variety of fields within the CISCO source data, including:
  • Date/Time
  • Source Address
  • Destination Address
  • Destination Port
  • Packet ReturnCode (success/failure/information)
  • Event Criticality
  • Source Firewall
  • Action (accept / drop)
  • Source Interface
  • Source Port
  • Protocol

Snare can provide drill-down access to the raw log data, via overview components such as a '15 minute pattern map', and horizontal bar graphs by source/destination/destination port.



Dec 7 15:33:45 10.0.0.1 Dec 07 2005 15:33:44: %FWSM-5-304001: 123.23.23.123 Accessed URL 21.22.23.24:http://mywebserver.myorg.com/homepage/index.html
Dec 7 15:33:45 10.0.0.1 Dec 07 2005 15:33:44: %FWSM-6-302001: Built outbound TCP connection 1 for faddr 66.16.62.14/80 gaddr 19.19.70.22/63782 laddr 17.77.78.27/1308
Dec 7 15:33:45 10.0.0.1 Dec 07 2004 15:33:44: %FWSM-6-302002: Teardown TCP connection 1 faddr 28.12.15.21/80 gaddr 19.11.74.20/63322 laddr 17.37.14.10/1446 duration 0:00:00 bytes 1836 (Unknown)

40w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async122, changed state to up
40w5d: %ISDN-6-CONNECT: Interface Serial4:15 is now connected to 3048428739
40w5d: %ISDN-6-DISCONNECT: Interface Serial4:11 disconnected from 7195458167 , call lasted 270 seconds

184697: 3w3d: %SEC-6-IPACCESSLOGDP: list TsyATMIn denied icmp 14.10.29.10 -> 19.19.50.255 (8/0), 1 packet
184698: 3w3d: %SEC-6-IPACCESSLOGP: list TsyATMIn denied tcp 21.6.20.95(11879) -> 19.19.44.22(80), 1 packet

20041221 113634 EVENT Syslog/Unsolicited 10.80.10.4 <139>46006: Dec 21 10:36:33.224 AEST: %PS-3-MULTFAIL: There is more than one failure with the Power System 2; please resolve problems immediately
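
The field filtering described above, applied to sample lines from this page, as an added example; it is not Snare Server code and does not describe how the Snare Server is implemented. The function names `parse` and `select` and the field names in the returned dictionaries are assumptions chosen for the illustration.

```python
import re

# Constructed input: four of the sample lines shown above.
SAMPLES = [
    "Dec 7 15:33:45 10.0.0.1 Dec 07 2005 15:33:44: %FWSM-6-302001: Built outbound TCP connection 1 "
    "for faddr 66.16.62.14/80 gaddr 19.19.70.22/63782 laddr 17.77.78.27/1308",
    "184697: 3w3d: %SEC-6-IPACCESSLOGDP: list TsyATMIn denied icmp 14.10.29.10 -> 19.19.50.255 (8/0), 1 packet",
    "184698: 3w3d: %SEC-6-IPACCESSLOGP: list TsyATMIn denied tcp 21.6.20.95(11879) -> 19.19.44.22(80), 1 packet",
    "40w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async122, changed state to up",
]

# Cisco messages are tagged %FACILITY-SEVERITY-MNEMONIC; severity 0 is most critical, 7 least.
TAG = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")
ACL = r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<protocol>\S+) "
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
BODY = {
    # ACL hit on a protocol with ports: src(sport) -> dst(dport)
    "IPACCESSLOGP": re.compile(ACL + rf"(?P<src>{IP})\((?P<sport>\d+)\) -> (?P<dst>{IP})\((?P<dport>\d+)\)"),
    # ACL hit on ICMP: src -> dst (type/code)
    "IPACCESSLOGDP": re.compile(ACL + rf"(?P<src>{IP}) -> (?P<dst>{IP}) \((?P<icmp_type>\d+)/(?P<icmp_code>\d+)\)"),
    # Firewall connection build: foreign, global (translated) and local address/port
    "302001": re.compile(rf"Built (?P<direction>inbound|outbound) (?P<protocol>\S+) connection \d+ for "
                         rf"faddr (?P<faddr>{IP})/(?P<fport>\d+) gaddr (?P<gaddr>{IP})/(?P<gport>\d+) "
                         rf"laddr (?P<laddr>{IP})/(?P<lport>\d+)"),
}

def parse(line):
    """Return a dict of fields for one log line, or None if it carries no Cisco tag."""
    tag = TAG.search(line)
    if tag is None:
        return None
    event = {"facility": tag["facility"], "severity": int(tag["severity"]), "mnemonic": tag["mnemonic"]}
    body = BODY.get(tag["mnemonic"])
    detail = body.match(tag["text"]) if body else None
    # Unknown or malformed bodies keep their raw text so nothing is silently dropped.
    event.update(detail.groupdict() if detail else {"text": tag["text"]})
    return event

def select(lines, **want):
    """Keep events whose fields equal every keyword given, e.g. action='denied', dport='80'."""
    events = (parse(line) for line in lines)
    return [e for e in events if e and all(str(e.get(k)) == str(v) for k, v in want.items())]

if __name__ == "__main__":
    for event in select(SAMPLES, action="denied"):
        print(event["src"], "->", event["dst"], event["protocol"], event.get("dport", "-"))
```

Message types without an entry in `BODY` are still returned with facility, severity and raw text, so they can be filtered by criticality even before a body pattern is written for them.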
Snare Server
The Snare Server builds on the success of our Open Source audit & event log agents. When used in combination, our Snare agents and Server provide a robust and effective resource for event log management.

Snare Server Snort Report
This link will take you to a small report exported from our Snare Server, which shows attacks against our website.
Copyright (c) 1999-2010 InterSect Alliance Pty Ltd