Snare System Version 6.3.4 Release Notes

Symtrex Inc. is pleased to announce the release of Snare Server Version 6.3.4.

Snare Server Version 6.3.4

New Features
- The behaviour of the Snare Server reflector has been modified so that data coming in via syslog, and being reflected via syslog, is sent through to the target server unchanged, without additional syslog headers.
- Added the iotop and sysstat packages to the installation package selection, for customers to use as required from the command line console.

Bug Fixes
- The LDAP API references an LDAP object by its distinguished name (DN). The DN validation checker has been updated to accept valid dash characters within the DN value.
- Resolved an issue where the Objective List was not being generated correctly due to unexpected character encoding of the raw data.
- The validation phase of the Samba password configuration process was overly restrictive and would not set the password correctly.
- Updated the User and Group information retrieval code to support different authentication types, resolving an issue with some legacy Linux Agent versions that returned "Authentication Failed" messages when a password was set.
- Implemented checks within the Agent User and Group data retrieval functionality to support loading data from busy or overloaded Snare Agents. This resolves an intermittent issue in older versions of the server that prevented the server from retrieving user group data on each request.
- Removed the (broken) Google Talk and Twitter Real-Time Alerting options, and cleaned up the configuration item to remove confusion about where to configure Email Alerts.
- Fixed an issue with the 15-minute pattern map on the Total Events status page that prevented viewing the events list when clicking on a specific Agent under a specific Event Type.
- Implemented support for parsing ContentKeeper log data received via syslog into the correct log table.
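The reflector change under New Features is easier to judge with a concrete line in hand. The following is an added example in Python, not code from this page or from the Snare Server itself: the syslog line, host names and function names are constructed for illustration, and reflect_rewrapped is an assumed model of the pre-6.3.4 behaviour (a relay that wraps the received line inside a fresh header), which the notes describe only as "additional syslog headers". It shows why the wrapped form is a problem for whatever sits behind the reflector: the outer header names the relay as the origin host, so the real source (fw01 below) is lost unless the target knows to parse a second header out of the message body.

```python
import re

# Constructed sample (not from the page): an RFC 3164 syslog event as a
# hypothetical firewall "fw01" would send it to the Snare Server's collector.
SAMPLE_LINE = ("<34>Oct 11 22:14:15 fw01 sshd[1234]: Failed password for root "
               "from 203.0.113.9 port 51234 ssh2")

# PRI, BSD timestamp, origin host, then a space: the classic RFC 3164 header.
_HEADER = r'<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) '
_LINE_RE = re.compile(r'^' + _HEADER + r'(?P<msg>.*)$', re.DOTALL)
_HEADER_RE = re.compile(_HEADER)


def parse_rfc3164(line):
    """Split a BSD-syslog line into facility/severity, timestamp, origin host
    and message. Returns None when the line carries no recognisable header."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "msg": m.group("msg"),
    }


def reflect_rewrapped(line, relay_host, relay_timestamp):
    """Assumed shape of the old behaviour: the relay builds its own header and
    the entire received line (header included) becomes the MSG part, so the
    target sees two headers and attributes the event to the relay."""
    parsed = parse_rfc3164(line)
    pri = ((parsed["facility"] << 3) | parsed["severity"]) if parsed else 13  # user.notice
    return f"<{pri}>{relay_timestamp} {relay_host} {line}"


def reflect_unchanged(line):
    """6.3.4 behaviour: forward exactly what was received."""
    return line


def header_count(line):
    """How many RFC 3164 headers a line carries; anything above 1 is nesting."""
    return len(_HEADER_RE.findall(line))


if __name__ == "__main__":
    nested = reflect_rewrapped(SAMPLE_LINE, "snare01", "Oct 11 22:14:16")
    print(header_count(nested), parse_rfc3164(nested)["host"])                 # 2 snare01
    print(header_count(SAMPLE_LINE), parse_rfc3164(reflect_unchanged(SAMPLE_LINE))["host"])  # 1 fw01
```

The trade-off to keep in mind when enabling pass-through: the downstream collector now sees the original host and timestamp, which is what you want for attribution and correlation, but nothing in the line records that it passed through the reflector. If that hop matters for your audit trail, capture it from the reflector's own logs or from the transport (the TCP/UDP source address at the target) rather than by re-wrapping the event.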

Security Updates
- Updated core system packages with the latest security and bug fixes.

Miscellaneous
- Updated vulnerability scanner plugins.
- Updated the Snare Geographic IP Address database.
- Updated ClamAV virus definitions, for customers with servers that cannot access the internet to download their own updates easily.

Contact Us:
Symtrex Inc.
Network Security Specialists
264 Jane Street
Toronto, Ontario
Canada, M6S 3Z2
416.769.3000 ph.
866.431.8972 Toll Free
416.769.4477
www.symtrex.com
Who's Watching your Network?

Snare Server Version 6.3.3

Bug Fixes
- Implemented enhanced memory management features within the Snare Database, to prevent reports from failing to run correctly in some situations when a lot of event data is processed by a single report. These features are automatic and should not affect the performance of database queries; in some cases, objectives may even take less time to generate.
- Resolved the issue with Retrieve Users and Group data from Active Directory not retrieving the full information in some instances.
- Added missing functionality to support MAC Address TOKEN lookup in GenericLog queries. It can be enabled for GenericLog queries by using the 'MACADDRESS' TOKEN on a MAC Address field.
- Resolved an issue with the Snare Reflector that prevented the first reflector configuration entry from being removed.
- Fixed the LDAP DN validation process to allow dashes within the DN field, as they were being incorrectly blocked from use.

Security Updates
- Prevented the Windows AD password from being written to snare.log as part of debugging information. The string ' password ' is now displayed instead of the password.
- Updated core system packages with the latest security and bug fixes.

Miscellaneous
- Updated vulnerability scanner plugins.
- Updated the Snare Geographic IP Address database.
- Updated ClamAV virus definitions for customers with servers that cannot access the internet to download their own updates easily.
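Two of the Active Directory fixes listed for 6.3.4 and 6.3.3 (DN validation that rejected dashes, and the AD bind password landing in snare.log) describe the same tension: input checks have to be strict enough to stop injection but must accept everything the format legitimately allows, and debug output must never carry the secret. The block below is an added example in Python, not Snare Server code. is_valid_dn_legacy is an assumed reconstruction of the kind of whitelist that would reject 'OU=Sec-Ops' (the notes only say dashes were blocked); is_valid_dn accepts the RFC 4514 string form (dashes, escaped commas, hex escapes) while still refusing unescaped specials; redact_for_log and scrub_log_line use the ' password ' placeholder the 6.3.3 notes mention. The DNs, passwords and log text are constructed.

```python
import re

# --- LDAP distinguished-name validation (RFC 4514 string form) ---
# Attribute type: a descriptor (letters, digits, dashes) or a dotted OID.
_TYPE = r'(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)'
# Value characters: anything except the unescaped specials , + " \ < > ;
_PLAIN = r'[^,+"\\<>;]'
# Escapes: backslash + special (or space, #, =) or backslash + two hex digits.
_ESC = r'\\(?:[ ,+"\\<>;#=]|[0-9A-Fa-f]{2})'
# A leading '#' or space must be escaped; an empty value is allowed.
_AVA_RE = re.compile(
    r'^' + _TYPE + r'=(?:(?:[^,+"\\<>;# ]|' + _ESC + r')(?:' + _PLAIN + r'|' + _ESC + r')*)?$'
)


def _split_unescaped(text, sep):
    """Split on `sep` while keeping backslash-escaped characters together."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append("".join(cur))
    return parts


def is_valid_dn_legacy(dn):
    """Assumed shape of the over-strict check the notes describe: a character
    whitelist that forgot '-' (and every escape), so 'OU=Sec-Ops' was rejected."""
    return re.fullmatch(r'[A-Za-z]+=[A-Za-z0-9 .]+(?:,[A-Za-z]+=[A-Za-z0-9 .]+)*', dn) is not None


def is_valid_dn(dn):
    """Accept any RFC 4514 DN; reject unescaped specials, which is what keeps a
    user-supplied DN from rewriting the search base or a filter."""
    if not dn:
        return False
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):
            if not _AVA_RE.match(ava):
                return False
            value = ava.split("=", 1)[1]
            if value.endswith(" ") and not value.endswith("\\ "):
                return False  # trailing space must be escaped
    return True


# --- keep the AD bind password out of snare.log ---
REDACTED = " password "  # the placeholder the 6.3.3 notes say is logged instead
_SECRET_KEYS = frozenset({"password", "bindpw", "bind_password", "secret"})


def redact_for_log(params):
    """Copy a config/debug dict, replacing secret values before anything is
    formatted. Redacting at the source beats pattern-matching the output."""
    return {k: (REDACTED if k.lower() in _SECRET_KEYS else v) for k, v in params.items()}


def scrub_log_line(line, secrets):
    """Last line of defence for lines built elsewhere: remove any literal
    secret that still reached the formatted text."""
    for s in secrets:
        if s:
            line = line.replace(s, REDACTED)
    return line
```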

Snare Server Version 6.3.2

New Features
- Added support for the upcoming V4.0.0 releases of the Snare Enterprise Agents for Linux and Solaris.
- Added a new objective for Windows USB events to the default objectives installed as part of a fresh install of the Snare Server.

Bug Fixes
- Resolved an issue with the Snare SNMPTrap Collector that prevented it from working with some devices. In v6.3.1, the Snare SNMPTrap collector could process snmptrap data tagged as PUBLIC. Unfortunately, some devices included double quotes around the string ("public"), which caused the underlying SNMPTrap receiver to ignore those events. This fix disables tag checking completely and allows Snare to accept SNMPTrap data with any tags. Note that the community string therefore no longer filters inbound traps, so access to the trap port should be restricted at the firewall to the devices expected to send them.
- Fixed the issue with the per-agent timezone selection, which prevented users from specifying different timezones for different agents within their fleet.
- Fixed an issue which allowed a TOKEN to be removed accidentally while updating it through the configuration dialog. The deletion button has been switched to a checkbox, to prevent accidental selection and submission of the form.
- Resolved an issue for new v6.3.0 installations where the System Statistics page was not showing the full information by default.
- Resolved an issue affecting recent fresh installations of the Snare Server where the User Group metadata database was being incorrectly initialised. This has been fixed in the ISO installation image, and the v6.3.2 update(s) will correctly initialise the database if it is found to be affected.

Security Updates
- Updated core system packages with the latest security and bug fixes.

Miscellaneous
- Updated vulnerability scanner plugins.
- Updated the Snare Geographic IP Address database.
- Updated ClamAV virus definitions for customers with servers that cannot access the internet to download their own updates easily.

Snare Server Version 6.3.1

Bug Fixes
- Updated the default firewall configuration to use UDP instead of TCP for SNMP (SNMP traps are carried over UDP, port 162 by default, so a TCP-only rule does not admit them).
- Resolved an issue that broke FTOKEN support for some queries.
- Resolved the sanitisation check that led to not being able to select the and functions within the Snare Server match interface.

Security Updates
- Updated core system packages with the latest security and bug fixes.
- NFS services, made available as an option on Snare Server v6.2, can now be completely disabled on the Snare Server through the installation and configuration wizard.

Miscellaneous
- Updated vulnerability scanner plugins.
- Updated the Snare Geographic IP Address database.
- Updated ClamAV virus definitions, for customers with servers that cannot access the internet to download their own updates easily.

Snare Server Version 6.3.0

New Features
- Support was added to the collection system for the Apple BSM audit events provided by the new Snare Agent for OSX (to be released in the near future).
- An option was added to the Configuration Wizard to allow customers to disable the daily Pre-Cache functionality, if instructed by a Snare Support Representative. This option disables the daily pre-cache of the internal Snare Database, which can, in rare instances, use more resources during the caching process than are saved during report generation when caching is enabled.
- With larger and larger drives being used for the storage of log data, the 'percentage free space' warning and problem threshold settings on the Snare Server Health Checker have been migrated to a 'gigabytes free' model. As part of the server update process, your previous settings will be automatically converted to the new format.

Bug Fixes
- Resolved a display issue which prevented the progress bar from progressing in Google Chrome.
- Resolved a configuration issue with the OpenVAS vulnerability scanner.
- In some circumstances, data validation routines used an extended path when saving default values back to the Snare configuration database after an input validation failure, which meant that the data validation and correction routines were called for each and every objective initialisation until the invalid data was updated. This fix trims the path so that default data can overwrite the invalid data, leading to a small speedup in objective instantiation where invalid data has been entered.
- Resolved an issue affecting some older installations where old package updates were being applied during newer updates, resulting in incorrectly configured packages that prevented some system functionality from working. Safeguards have been put in place to ensure this does not occur in the future, and an upgrade to v6.3.0 should resolve any existing issues some customers are experiencing due to this issue.
- Added support to the Agent Management Console for Legacy Agent configurations which allowed empty passwords.
- Resolved an issue that prevented the 'Remove Data' objective from reporting a completed data removal process in some situations.
- Resolved a bug that prevented the Port and Vulnerability Scanner from correctly displaying the response of a completed scan.

Security Updates
- Updated core system packages with the latest security and bug fixes.
- Completed a security audit and applied updates as required.
- Implemented centralised checking and sanitisation of input across all user interface components, to further reduce the risk of cross-site scripting, database injection, and related attempts at corrupting the Snare Server interface.
- Implemented CSRF tokens to eliminate potential avenues for attack against the Snare Server UI.
- Security options have been migrated to a separate category in the Snare Server wizard.
- Added the ability to block external sites from being displayed in a clickable format (e.g. the link to the Snare Server documentation, hosted on the InterSect Alliance web server).
- Paths for hard-coded temporary files have been modified to use unique, randomly generated filenames where possible.
- Paths for files that store process ID information have been migrated to /var/run, following Unix best practice.

Miscellaneous
- Updated vulnerability scanner plugins.
- Updated the Snare Geographic IP Address database.
- Updated ClamAV virus definitions, for customers with servers that cannot access the internet to download their own updates easily.
- Updated the copyright date stamp on the splash screen to reflect the current year (2014).

Detailed Notes:

1. Applying the Update to a Snare Server v6
This update can be applied to an existing Snare Server v6 by downloading the Snare Update file from your client area and using the update wizard, found at:
System Administrative Tools > Snare Server Update
If you have trouble applying this update, please speak to your Snare Support Representative.

2. Update file size issue
Due to a file-size restriction issue, it is not possible to directly upgrade to v6.3.0 on an existing Snare Server that is still on version 6.0.0. Instead, the special PreUpdate provided in your client area must be applied first, and then the v6.3.0 update can be used.

3. Base Ubuntu OS Information
Snare Server v6.3.0 is based on a stripped-down and hardened version of Ubuntu 10.04.4 LTS. The 32-bit and 64-bit releases have the same (or equivalent) packages installed, with the exception of the Linux kernel:
- 32-bit: Ubuntu kernel 2.6.32-24.43-generic-pae, based on the 2.6.32.15 drm33.5 mainline Linux kernel version.
- 64-bit: Ubuntu kernel 3.0.0-32.51 lucid1-server, based on the 3.0.69 mainline Linux kernel version.
A full package list for each release version of the Snare Server can be provided upon request.
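Two items in the 6.3.0 Security Updates above, CSRF tokens for the UI and randomly named temporary files in place of hard-coded paths, are worth seeing in working form because both are easy to get subtly wrong. The block below is an added example in Python and is not Snare Server code: SERVER_KEY, issue_csrf_token, verify_csrf_token, handle_state_change and write_private_tempfile are assumed names, and the session ids and form data are constructed. The token is bound to the session with an HMAC and checked in constant time, so a token copied from one user's page is useless in another session and a forged one fails without leaking timing; the temp file is created by mkstemp, which opens a fresh 0600 file under a random name instead of trusting a predictable /tmp path that another local user could pre-create or symlink.

```python
import hashlib
import hmac
import os
import secrets
import tempfile

# Assumed: one secret generated at server start or loaded from protected config.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id, key=SERVER_KEY):
    """Token = nonce.HMAC(key, session_id:nonce). Binding to the session id means
    a token lifted from one session cannot be replayed inside another."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token, key=SERVER_KEY):
    """Constant-time comparison; malformed or missing tokens are simply rejected."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_state_change(session_id, form):
    """First thing a state-changing POST handler (a wizard or config page) does
    (assumed hook, not Snare's own): refuse the request unless the token checks out."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, "ok"


def write_private_tempfile(data, prefix="snare-"):
    """Replacement for a hard-coded /tmp/<fixed-name>: mkstemp creates a new file
    with O_EXCL and mode 0600 under a random name, so a pre-planted symlink or
    another user's file at a predictable path can be neither followed nor read."""
    fd, path = tempfile.mkstemp(prefix=prefix)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def tempfile_mode(path):
    """Permission bits of a file, for confirming the 0600 guarantee."""
    return os.stat(path).st_mode & 0o777


def remove_tempfile(path):
    os.unlink(path)


if __name__ == "__main__":
    tok = issue_csrf_token("sess-A")
    print(handle_state_change("sess-A", {"csrf_token": tok}))   # (200, 'ok')
    print(handle_state_change("sess-B", {"csrf_token": tok}))   # (403, ...)
    p = write_private_tempfile(b"report fragment")
    print(oct(tempfile_mode(p)))                                  # 0o600
    remove_tempfile(p)
```

Where a web framework already issues session-bound CSRF tokens, use that rather than rolling your own; the point of the HMAC form shown here is only that the token must be unguessable, tied to the session, and compared in constant time. For the temporary file, the important part is that the name is chosen by mkstemp and never by the code, and that the file descriptor returned by it is the one written to, rather than reopening the path by name.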
