Interested in an agent capable of processing the Windows Forwarded Events log and formatting the logs so they appear to come from the original host? Look no further!

The Snare Enterprise Agent for Windows for WEC is a new agent with the same features and functions as the Snare Enterprise Agent for Windows. In addition, it allows event logs collected by the Windows operating system on Microsoft WEC-configured systems to be forwarded to a remote audit event collection facility or SIEM, such as Snare Central. It is only licensed to run on server versions of the Microsoft Windows platform.

The Snare WEC agent has a modified objective that includes an additional checkbox to collect from the Windows ‘Forwarded Events’ custom event log. This log is populated by the Microsoft event log subscription process, which uses WinRM to poll the remote hosts and collect their event logs.

Further Information

  • A short video on Snare WEC agent and Windows Event Forwarding.

Available from version 5.0.2. For further information, contact your Snare Sales representative for an evaluation license.

Snare has released an IBM App Exchange update for the IBM QRadar software. The Snare Log Analysis QRadar application is designed to provide an overview dashboard of the auditing log activity that the Snare for Windows Agents are sending to the QRadar system.

A new application, v1.1.0, and a user guide have been released on the IBM App Exchange portal. The update includes many new features covering:

  • USB activity
  • Administration events
  • Logon success and failures
  • Process command execution information
  • Threat Analysis
  • Filtering enhancements

In addition, events can be correlated together and matched against known fingerprints to detect possible threats on the network, including an example of detecting the events produced when a Rubber Ducky USB device is used. The main dashboard and other screens have also had a makeover to provide an enhanced user experience. Filtering has also been improved with enhanced date ranges to find logs for particular users or systems.

Snare now has an application on the IBM App Exchange for IBM QRadar. The Snare Log Analysis QRadar application offers overview and drill-down functionality, providing users with a detailed view of event, file and registry auditing activity collected by Snare and sent to QRadar. Filters can be applied to restrict the view to specific users, host systems and file/registry area accesses, including the log types that were collected over the specified time period. If you are a current IBM customer, you should check it out on the App Exchange.

The new application is freely available to the security community through the IBM Security App Exchange, a marketplace where developers across the industry can share applications based on IBM Security technologies. As threats are evolving faster than ever, collaborative development among the security community will help organizations adapt quickly and speed innovation in the fight against cybercrime.

This is part of Intersect Alliance’s ongoing efforts to improve the logging and SIEM endeavours of every company, regardless of their goals or tech stacks. For the full press release, download here.