Why Centralized Log Management Is Critical Right Now
Network log records play an extremely important role in cyber security, and log management is a critical part of a well-managed and secure cyber infrastructure. A central log management solution helps detect advanced persistent threats (APTs) and anomalous activity, both in real time and reactively during or after an incident-response event.
With Snare CLM, your security team can:
- Manage all of your network logs in a central location
- Collect any logs from anywhere
- Filter out event and log noise
- Customize what data goes where
- Simplify log analysis and correlation tasks
- Securely store your log data at a 50:1 compression rate (saving on storage costs)
- Reduce SIEM ingestion costs by only sending the log data you need
Snare Centralized Log Management (CLM)
Snare is the global standard in flexible, centralized log management.
Snare’s central log management solutions are currently in use by over 4,000 enterprise customers worldwide.
Snare Enterprise Agents
The industry’s best for Windows, Linux, Unix, macOS, Epilog, etc. – including FIM, RIM, FAM, RAM, and USB solutions.
Windows Agents Veracode Verified. No Java or .NET required.
Automated, Real Time Alerting
Alert your security team in real-time to anomalous activities inside the network. This enables faster speed-to-detection and enhanced threat hunting capabilities.
Unlimited, Pristine Data Storage
Snare’s unlimited, pristine log data storage helps keep your company compliant with mandates that require organizations to maintain logs for as long as 7 years.
24x7x365 Support
We have customers all over the globe and on every continent, so we are here to support you whenever you need it.
Snare MS SQL Agent for Database Activity Monitoring (with data masking)
Monitor corporate databases with the Snare MSSQL Agent to support Separation of Duty (SOD). Reduce the risk of data leakage and/or your PCI DSS scope with integrated data masking for sensitive data (PII, Credit Card numbers, SSN, etc.)
Snare Management Center
A centralized management view of multiple Snare Central systems, eliminating the need to visit each system on-site.
Snare Collector / Parser
Leveraging the intelligence of our security product to identify and parse critical event components.
Snare Reports
A complete pack of out-of-the-box logging reports that can be configured and scheduled for delivery to critical team members daily, weekly, monthly, or quarterly to meet your needs.
Snare Compliance Packs
Out-of-the-box reports for PCI DSS, HIPAA, SOX, and others.
Cloud Log Collection & Reporting
Cloud-based log management and reports to support cloud or hybrid environments
Snare Live Dashboards
Real-time, visual thresholds, live data monitoring, and graphical summary reports.
Fixed Cost Plans
Snare’s predictable pricing helps with budgeting and scaling predictably.
Snare Central
The complete Centralized Log Management suite by Snare
Snare Central version 8.5 introduces several updates designed and developed to dramatically improve threat hunting speed and investigation capabilities, maximizing the effectiveness of the SOC.
The latest version of Snare Central features:
- Snare Management Center (SMC) – A centralized management view of multiple Snare Central systems, eliminating the need to visit each system on-site.
- Enhanced automated alerting to improve threat hunting speed
- New log types to expand coverage and enhance investigation capabilities
- Cloud-based log management and reports to support cloud or hybrid environments
Snare Centralized Log Management Server
Store and manage logs
Snare Central is the only solution that gives you total control of your logs, allowing you to collect any log from anywhere while managing what data goes where and to how many places. Snare Central is responsible for archiving logs, remotely managing agents, routing logs to multiple destinations including MSSPs, SOCs and other 3rd party solutions as well as Snare applications.
A Snare Central server can help with the ability to store and manage logs:
- Alerts and thresholds that focus attention on possible indicator-of-compromise (IoC) events
- Store events on local storage with your automatic retention rules applied
- Up to 50:1 compression facilitates long-term forensic storage of the historical security picture
- Report generation and scheduled distribution
- Health checker “Heartbeat”
- Real-time dashboards
Snare Collector / Parser
Ingest Logs from Anywhere
Once logged, data needs to be normalized before it can be analyzed. Unstructured data means additional work sifting through noise rather than spending time on intelligence. With the Snare Collector/Parser, you can ingest logs from a variety of sources and formats, translate them into a standard format, forward the data in whatever output format each destination requires, eliminate data lock-in, and enrich the data through tagging.
The Snare Collector / Parser enables you to ingest logs from anywhere and normalize data from disparate systems and formats:
- Server and Desktop Systems
- Network Devices (firewalls, routers, switches, any syslog source)
- IIS, Apache, and other “flat file” sources
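The normalization step described above (ingest syslog in either standard, map it onto one schema, then enrich with tags) can be illustrated with a small parser. The following is an added example written for this page, not Snare's own code: the three sample lines, the event schema, and the `TAG_RULES` enrichment table are all constructed for illustration. It handles RFC 5424 and RFC 3164 syslog and falls back to a tagged "raw" event for anything else (here an Apache-style flat-file line), so nothing is silently dropped.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: one RFC 5424 line, one RFC 3164 line, and one
# flat-file (Apache-style) line that matches neither syslog format.
SAMPLE_LINES = [
    "<34>1 2024-03-01T10:15:30.000Z fw01 sshd 4242 ID47 - "
    "Failed password for root from 203.0.113.5 port 5555 ssh2",
    "<13>Mar  1 10:15:31 web01 apache2[1234]: GET /index.html 200",
    '203.0.113.7 - - [01/Mar/2024:10:15:32 +0000] "GET /login HTTP/1.1" 401 512',
]

# Syslog severity codes 0..7 (PRI = facility * 8 + severity)
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) ?(?P<msg>.*)$"
)
# RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<app>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)

# Hypothetical enrichment rules: a tag is attached when its predicate holds.
TAG_RULES = [
    ("auth", lambda e: e["app"] in {"sshd", "sudo", "login"}),
    ("web", lambda e: e["app"] in {"apache2", "httpd", "nginx"}),
    ("high-priority", lambda e: e["severity"] is not None and e["severity"] <= 3),
]


def normalize(line: str, year: int = 2024) -> dict:
    """Map one raw log line onto a common event schema and tag it."""
    event = {"format": "raw", "timestamp": None, "facility": None, "severity": None,
             "severity_name": None, "host": None, "app": None, "pid": None, "msg": line}
    m = RFC5424.match(line)
    if m:
        event["format"] = "rfc5424"
        ts = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
    else:
        m = RFC3164.match(line)
        if m:
            event["format"] = "rfc3164"
            # RFC 3164 timestamps carry neither year nor zone: the caller
            # supplies the year and the line is assumed to be UTC.
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            ts = ts.replace(tzinfo=timezone.utc)
    if m:
        pri = int(m.group("pri"))
        event.update(
            timestamp=ts.isoformat(),
            facility=pri // 8,
            severity=pri % 8,
            severity_name=SEVERITY_NAMES[pri % 8],
            host=m.group("host"),
            app=m.group("app"),
            pid=None if m.group("pid") in (None, "-") else m.group("pid"),
            msg=m.group("msg"),
        )
    tags = [tag for tag, pred in TAG_RULES if pred(event)]
    if event["format"] == "raw":
        tags.append("unparsed")  # kept, but flagged for a parser rule to be written
    event["tags"] = tags
    return event


if __name__ == "__main__":
    for e in (normalize(l) for l in SAMPLE_LINES):
        print(e["format"], e["severity_name"], e["host"], e["app"], e["tags"])
```

Keeping unparsed lines as tagged events rather than discarding them is the point worth copying: the "unparsed" tag gives you a queue of formats that still need a parser rule, instead of a silent gap in coverage.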
Snare Reflector
Flexible Data Handling
Collecting and analyzing logging information from across disparate systems can be complex. The Snare Reflector can cache, filter, and forward logs to centralized systems regardless of their format or final destination. The Snare Reflector is used to unify disparate systems from SIEMs to log management platforms, implementing enterprise logging architecture, and tuning data (and log) flow with unmatched precision.
The Reflector can send data in real time to one or more destinations over UDP or TCP, with TLS encryption available. Logs can be sent in any of the major formats, including both syslog standards, RFC 3164 and RFC 5424.
With the Snare Reflector, you will be able to:
- Send only high priority logs to analysis engine(s)
- Divert holistic overview logs to long-term local storage
- Mask sensitive data (PCI DSS data, PII, credit card numbers, SSNs, etc.) to limit and reduce risk
- Provide an application-level secure tunnel for events (e.g., receive syslog, transport over TLS, then convert back to syslog on the other end), increasing your security
- Multi-tier: complex environments are handled with ease (multiple SIEMs, SOCs, data lakes, etc.)
- Consolidate, correlate, send to concurrent stakeholders throughout the business
- Feed multiple destinations at once, while tailoring what is sent
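Two of the Reflector capabilities listed above, masking sensitive data before it leaves and feeding several destinations with tailored subsets, come down to a masking pass followed by a routing table. The example below is added for this page and is not Snare's code: the three sample events, the `ROUTES` table and the severity-based selection rule are constructed assumptions. Card numbers are masked only when the digit run passes the Luhn check, so an order number of the same length is left intact; SSNs are masked on pattern alone.

```python
import re

# Constructed sample events in RFC 5424 form (PRI header first). The card
# number is the well-known 4111... test value and the SSN is fictitious.
SAMPLE_EVENTS = [
    "<34>1 2024-03-01T10:16:00Z pos01 payapp - - - "
    "card 4111111111111111 declined for customer ssn 123-45-6789",
    "<14>1 2024-03-01T10:16:01Z pos01 payapp - - - order 1234567890123 shipped",
    "<11>1 2024-03-01T10:16:02Z db01 mssql - - - login failed for user sa",
]

# 13-19 digit runs are candidate card numbers; the Luhn check rejects most
# other long numbers (order ids, counters) that would otherwise be masked.
CARD_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")
PRI_RE = re.compile(r"^<(\d{1,3})>")


def luhn_ok(digits: str) -> bool:
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(m) -> str:
    pan = m.group(1)
    if not luhn_ok(pan):
        return pan  # not a card number, leave it alone
    # PCI DSS permits at most the first six and last four digits to be shown
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def mask(line: str) -> str:
    """Mask card numbers and SSNs in one log line."""
    line = CARD_RE.sub(mask_pan, line)
    return SSN_RE.sub(lambda m: "***-**-" + m.group(3), line)


def severity(line: str):
    """Syslog severity (0..7) from the PRI header, or None if there is none."""
    m = PRI_RE.match(line)
    return int(m.group(1)) % 8 if m else None


# Hypothetical routing table: destination name plus the predicate selecting
# events for it. Severity 0-3 (emerg..err) goes to the analysis engine;
# every event goes to long-term archive.
ROUTES = [
    ("siem", lambda sev: sev is not None and sev <= 3),
    ("archive", lambda sev: True),
]


def route(lines):
    """Mask each event, then fan it out to every destination whose predicate matches."""
    out = {dest: [] for dest, _ in ROUTES}
    for line in lines:
        masked = mask(line)  # masking runs once, before any copy leaves
        sev = severity(line)
        for dest, pred in ROUTES:
            if pred(sev):
                out[dest].append(masked)
    return out


if __name__ == "__main__":
    for dest, events in route(SAMPLE_EVENTS).items():
        print(dest, len(events))
        for e in events:
            print("  ", e)
```

Masking is applied once, before routing, so every destination (including the long-term archive) receives the same redacted copy; a destination-specific exemption would have to be an explicit, audited choice rather than the default.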
Asset Management Console
Know what you have and that it is connected and reporting
With Snare’s Asset Management Console (AMC/SAM), you can verify that your agents are connected and reporting. The AMC/SAM enables your team to centrally configure endpoint policies, quickly upgrade hundreds of thousands of agents on endpoints from a central console, and push simple, clear updates to ensure all agents and associated policies are current.
Snare’s Asset Management Console includes the full AMC/SAM for managing agents on endpoints:
- Manage agent configurations for endpoints
- Centralized Configuration of endpoint policies
- Tailor policies by groups (Geographic Location, Dept., by IP addresses or types of agents)
- Perform asset agent upgrades centrally (SAM) – (currently for Windows Enterprise and Windows Desktop agents)
Report Pack
Easily pull reports for compliance
Managing and, importantly, analyzing, log data is crucial to staying in front of evolving regulations regardless of what industry you operate in. Event logging and forensic analysis make it easy to comply with these regulations. If an incident occurs, being able to pinpoint exactly what happened is essential to be able to prevent a similar incident from occurring again in the future. A full accounting of what happened may also be required by the relevant authorities.
With Snare CLM, you have access to report packs for the following security and compliance reporting needs:
- PCI DSS
- SOX
- HIPAA*
- ISO 27001*
- Database Activity Monitoring*
- MITRE ATT&CK (full mapping across the entire framework)
- FISMA*
- PIPEDA*
How Snare CLM Enhances Your Cyber Security Capabilities
File Integrity Monitoring (FIM)
Many regulations require checksum-based detection of file content changes and file permission changes; PCI DSS, for example, requires that change-detection tools be run at least weekly.
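The checksum-based change detection this paragraph refers to amounts to recording a baseline of each file's content hash and permission bits and diffing a later snapshot against it. The following is an added example for this page, not Snare's FIM implementation: it uses SHA-256 over a constructed temporary directory and reports added, deleted, modified and permission-changed files separately, which is the distinction the compliance reports need.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root: str) -> dict:
    """Record sha256, permission bits and size for every regular file under root."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices etc. are out of scope here
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(path, root)
            baseline[rel] = {
                "sha256": h.hexdigest(),
                "mode": stat.S_IMODE(st.st_mode),
                "size": st.st_size,
            }
    return baseline


def compare(old: dict, new: dict) -> list:
    """Diff two snapshots; each finding is (change_kind, relative_path)."""
    changes = []
    for path in sorted(set(old) | set(new)):
        if path not in new:
            changes.append(("deleted", path))
        elif path not in old:
            changes.append(("added", path))
        else:
            if old[path]["sha256"] != new[path]["sha256"]:
                changes.append(("content", path))
            if old[path]["mode"] != new[path]["mode"]:
                changes.append(("permissions", path))
    return changes


def demo_change_detection() -> list:
    """Build a constructed directory, baseline it, change it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "app.conf")
        script = os.path.join(root, "run.sh")
        with open(cfg, "w") as f:
            f.write("debug=false\n")
        with open(script, "w") as f:
            f.write("#!/bin/sh\necho ok\n")
        os.chmod(script, 0o644)
        before = snapshot(root)

        # Simulated changes: config edited, script made executable, new file dropped
        with open(cfg, "w") as f:
            f.write("debug=true\n")
        os.chmod(script, 0o755)
        with open(os.path.join(root, "dropped.bin"), "wb") as f:
            f.write(b"\x00")
        after = snapshot(root)
        return compare(before, after)


if __name__ == "__main__":
    for kind, path in demo_change_detection():
        print(f"{kind:12} {path}")
```

In practice the baseline itself must be stored somewhere the monitored host cannot rewrite (a central server, as the page describes), since a baseline kept beside the files it protects can be updated along with them.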
File Activity Monitoring (FAM)
Find out who is doing what to your files and when: who opens, reads, or deletes them, and whether they are supposed to. This is a critical component of most compliance policies, such as PCI DSS, HIPAA, FISMA, ISO 27001, NIST, etc.
Multi Destination
Send logs to an unlimited number of destinations, each with its own port, protocol, and format. Get the right data, to the right people, at the right time.
Registry Integrity Monitoring (RIM)
Similar to FIM, computing a checksum and tracking permission changes on the registry is important for identifying changes to key parts of the Windows configuration and applications.
Registry Activity Monitoring (RAM)
Most applications maintain their configuration in the registry on Windows platforms. Detecting unauthorized changes to key registry values is an important forensic tool for determining whether a change led to unauthorized application activity.
Enterprise Grade
Heartbeats, self-audit, audit policy, data enrichment, data masking, and EPS controls. Windows Agents Veracode Verified. No Java or .NET required.
Database Activity Monitoring (DAM)
Effectively monitor SQL activity within a single database or an entire instance that covers multiple databases.
USB Drives
Tracking removable media and its usage on systems is important for detecting data exfiltration and for identifying potential sources of malware and other malicious activity. It is important to track device activity and whether the media was something like a thumb drive or a Rubber Ducky device, which can be used to steal data or to write malware or an exploit at 3,000 characters a second and then execute it on the system as the logged-in user.
24x7x365 Support
We have customers all over the globe and on every continent, so you can get support when you need it from our global support team.