The newly released SNARE Enterprise Agent for Windows v220.127.116.11 is now compatible with Windows 2012 and Windows 8 and is a free upgrade for customers with a current support and maintenance agreement. Additional security features in this release include: Group Policy Support, Registry Auditing, and Heartbeat.
Group Policy Support: The SNARE Agent for Windows will now check the MS Policy location, as the primary source for configuration settings. This means that Group Policy Objects (e.g. ADM files) can be used to configure the agent in an easy and widely supported way, without needing to set "preferences", a.k.a. tattooing. Check with support for details on the currently available ADM.
Auditing using "MACHINE\keyname" in the general search term: SNARE for Windows now has the ability to apply auditing to sections of the registry (only HKLM is available with this release). To enable registry auditing, ensure "automatically set file audit" is enabled, create a new objective, select "access a file or directory" from the high level settings and enter "MACHINE\keyname" in the General Search Term.
Heartbeat: The SNARE Agent for Windows can now send out regular heartbeats, letting the collecting device know that the agent is still awake without having to make contact. SNARE Agents can send status messages to the collection device, including: memory usage, service start and stop messages, and any errors or warnings triggered during operations.
SNARE Windows Event Log Agents are available in two versions: the free Open Source Agent (GNU/GPL licensing) and the SNARE Enterprise Agent, which is licensed by Intersect Alliance and supported by SNARE Alliance, LLC in the United States. SNARE Enterprise Agents, including the enhanced v18.104.22.168, have ease-of-use and security functions that are far above what is addressed by SNARE Open Source Agents, and are needed for security audits and regulatory compliance, such as: PCI, SOX, HIPAA, including:
Ease-of-Use Features, not offered in SNARE Open Source:
- Microsoft Installer Utility allows MSI Compliant Applications to be Remotely Deployed
- Dynamic DNS: Dynamically Changes the Destination Server in the Event of a Network or Site Failure
- Log Message Simulcasting to Multiple Destinations for Redundancy, Disaster-Recovery & Correlation Purposes
- Centralized Agent Configuration (with the SNARE Agent Admin Console)
- Wildcards to reference Epilog files
- Works with 3rd Party SIEM Solutions
- Official Vendor, Product and Technical Support
Enhanced Security Features, not in SNARE Open Source:
- TCP/IP for Event Log Delivery Confirmation
- Configurable Event Log Caching and event marking for 'Off line" events and network interruptions
- Processing of the Custom Windows Event Logs not accessed by the Open Source Agent
- Agent Heartbeat for monitoring agent shut down or stopped.
- Encryption capabilities for in transit security (with SNARE Server)
SNARE Agents are available with the SNARE Server or stand alone and can be used with most other SIEM solutions.
About SNARE Alliance, LLC
SNARE Alliance (snarealliance.com) is a security software value added sales and service organization and an authorized supplier of SNARE Servers and Enterprise Agents in the United States. SNARE Alliance offers fast and cost effective ways to learn about and license SNARE software and support. SNARE software that is supplied by SNARE Alliance, includes an annual maintenance agreement and customer service support. SNARE Alliance is backed by product licensing, software maintenance and second level technical support from Intersect Alliance, the author and architect of SNARE. To learn more, visit the website, call 866-770-3933 or email info[.]snarealliance.com.