Snare System Version 6.3.6 Release Notes




Snare System Version 6.3.6 Release Notes

is pleased to announce the release of Snare Server Version 6.3.6.

Snare Server Version 6.3.6

New Features

Added objective and user documentation to the email header, sent out in the non-HTML component of a scheduled email.

Ensured that user documentation is also included in the HTML component of a scheduled email.

Performed updates to the way that data is stored internally within the Agent Management Console to resolve an error which was encountered when a large number of agents (10,000+) is processed in a single objective. There should be no performance impacts or functionality changes as a result of this change.

Network errors could lead to a situation where a newline is not sent through to the server, and the client terminates straight after partial transmission. This could potentially lead to a hanging read() in the TLS collection service. This modification implements read timeouts.

An issue was discovered that prevented the Threshold Query configuration from being applied when the PreSelect functionality was disabled. This has been fixed, so the Threshold Query configuration is now applied, no matter what type of query is being used to retrieve the data.

Resolved an issue with the TLS Collector that would cause it to lose connection under some circumstances. It should now maintain connection, as is the expected behaviour.

The Apache configuration has been updated to remove SSLv3 support from the HTTPS configuration, when enabled. This is due to the recent security vulnerabilities (POODLE) discovered in SSLv3. Customers that require it can manually update the Apache configuration to re-enable it as required.

Security Updates

Applied the latest security and bug fix updates to the Ubuntu operating system packages.

Updated ClamAV virus definitions, for customers with servers that cannot access the internet to
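The read-timeout fix described above for the TLS collection service, as an added sketch (not Snare's code): a newline-delimited reader that bounds every read with an idle timeout and a per-record deadline, so a sender that stalls mid-record is dropped instead of blocking the collector. A local socketpair stands in for the TLS connection, and `LineReader`, `PartialRecord` and the timeout values are assumed names and numbers.

```python
import socket
import time

class PartialRecord(Exception):
    """The peer stalled or closed before finishing a newline-terminated record."""

class LineReader:
    """Newline-delimited reader whose reads can never block indefinitely."""

    def __init__(self, conn, idle_timeout=0.2, record_deadline=1.0, max_len=8192):
        self.conn = conn
        self.idle_timeout = idle_timeout        # max silence between chunks
        self.record_deadline = record_deadline  # max time for one whole record
        self.max_len = max_len                  # cap on an unterminated record
        self.buf = bytearray()

    def read_line(self):
        """Return the next record without its newline, or None on clean EOF."""
        deadline = time.monotonic() + self.record_deadline
        while b"\n" not in self.buf:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                raise PartialRecord("record deadline exceeded")
            if len(self.buf) > self.max_len:
                raise PartialRecord("record too long without newline")
            # Bound this recv(); without a timeout it would wait forever.
            self.conn.settimeout(min(self.idle_timeout, remaining))
            try:
                chunk = self.conn.recv(4096)
            except socket.timeout:
                raise PartialRecord("timed out with %d bytes buffered" % len(self.buf))
            if not chunk:                       # peer closed the connection
                if self.buf:
                    raise PartialRecord("EOF with %d bytes buffered" % len(self.buf))
                return None
            self.buf += chunk
        line, _, rest = bytes(self.buf).partition(b"\n")
        self.buf = bytearray(rest)
        return line

def demo():
    """Constructed scenario: one complete record, then a partial one, then silence."""
    agent, collector = socket.socketpair()      # stand-in for the TLS connection
    try:
        agent.sendall(b"event one\nevent tw")   # second newline never arrives
        reader = LineReader(collector)
        first = reader.read_line()
        try:
            reader.read_line()
            outcome = "returned"
        except PartialRecord as exc:
            outcome = "dropped: %s" % exc
        return first, outcome
    finally:
        agent.close()
        collector.close()

if __name__ == "__main__":
    print(demo())
```

The per-record deadline matters as much as the idle timeout: a sender that trickles one byte at a time never trips the idle timer on its own.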
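A check for the SSLv3 change above, added here and not part of the Snare Server: it evaluates each `SSLProtocol` line of an Apache configuration and reports whether SSLv3 is still enabled, which is worth running after any manual re-enable. The sample configurations are constructed, and the sketch assumes a build where `all` still includes SSLv3 and models a bare protocol name as replacing the set.

```python
import re

# Assumption for this sketch: on the Apache build being audited, "all" still
# includes SSLv3 (true of older mod_ssl/OpenSSL builds).
ALL = frozenset({"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"})
CANON = {p.lower(): p for p in ALL}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right.

    Simplified model: '+name' adds, '-name' removes, a bare name replaces the
    set, and names this sketch does not track (such as SSLv2) are ignored.
    """
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        if name == "all":
            chosen = set(ALL)
        elif name in CANON:
            chosen = {CANON[name]}
        else:
            continue
        if action == "+":
            enabled |= chosen
        elif action == "-":
            enabled -= chosen
        else:
            enabled = chosen
    return enabled

def audit(config_text):
    """Return (line_number, arguments, sslv3_enabled) per SSLProtocol line.

    Lines starting with '#' never match, so commented-out directives are
    skipped. With no directive at all the default ("all") applies, reported
    here as line 0.
    """
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match:
            args = match.group(1)
            findings.append((lineno, args, "SSLv3" in effective_protocols(args)))
    return findings or [(0, "all", True)]

# Constructed sample configurations, not taken from a Snare Server.
WEAK = """<VirtualHost *:443>
    SSLEngine on
    # SSLProtocol all -SSLv3
    SSLProtocol all -SSLv2
</VirtualHost>"""
HARDENED = WEAK.replace("all -SSLv2", "all -SSLv2 -SSLv3")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```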

Snare System Version 6.3.5 Release Notes

is pleased to announce the release of Snare Server Version 6.3.5.

Snare Server Version 6.3.5

The Agent configuration retrieval functionality within the Agent Management Console (AMC) has been changed slightly, to limit the number of concurrent connections to a sane maximum. As a result of this change, the AMC will no longer (in very extreme cases) flood the server with numerous processes and use all available resources; instead it will process Agents at a slower, but safer, rate.

Security Updates

The bash system package has been updated to include the security patches which resolve the recently discovered Shellshock vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7187, CVE-2014-7186). Although the Snare Server web server is not running a vulnerable server configuration, other components (such as SSH) may have opened up the possibility for abuse, and this update ensures that the server is no longer vulnerable to this issue. An attempt to exploit this over an SSH connection to a Snare Server still requires valid authentication for the connecting user. Given that command line access to a Snare Server is usually restricted to admin users only, this issue would be low risk. If customers have other users that have command line access to their Snare Servers, then the likelihood of an attack is much greater. As per normal security practices, all admin console access (web and SSH) to the Snare Server should be restricted to only those users who require access as part of their job function.

Updated ClamAV virus definitions, for customers with servers that cannot access the internet to

Snare System Version 6.3.4 Release Notes

is pleased to announce the release of Snare Server Version 6.3.4.

Snare Server Version 6.3.4

New Features

The behaviour of the Snare Server reflector has been modified so that data coming in via syslog, and being reflected via syslog, will be sent through to the target server unchanged, without additional syslog headers.

Added iotop and sysstat packages into the installation package selection for customers to use as required via the command line console.

The LDAP API references an LDAP object by its distinguished name (DN). Updated DN validation checker to support valid dash characters within the DN value.

Resolved issue where the Objective List wasn't being generated correctly due to unexpected character encoding of the raw data.

The validation phase of the samba password configuration process was overly restrictive, and would not set the password correctly.

Updated User and Group information retrieval code to support different authentication types, to resolve an issue with some legacy Linux Agent versions that returned Authentication Failed messages when a password was set.

Implemented checks within the Agent User and Group data retrieval functionality to help support loading data from busy or overloaded Snare Agents. This resolves an intermittent issue which occurred in older versions of the server that prevented the server from retrieving user group data on each request.

Removed the (broken) Google Talk and Twitter RealTime Alerting options, and cleaned up the configuration item to remove the confusion regarding where to configure Email Alerts.

Fixed an issue with the 15 minute pattern map for the Total Events status page that prevented viewing the events list when clicking on a specific Agent under a specific Event Type.

Implemented support for parsing ContentKeeper log data via syslog into the correct log table.

Security Updates

Updated ClamAV virus definitions, for customers with servers that cannot access the internet to

Snare Server Version 6.3.3

Implemented enhanced memory management features within the Snare Database, to prevent reports from not running correctly in some situations when a lot of event data is being processed by a single report. These features are automatic and shouldn't affect the performance of the database queries. In some cases, objectives may even take less time to be generated.

Resolved the issue with the Retrieve Users and Group data from Active Directory not retrieving the full information in some instances.

Added missing functionality to support MAC Address TOKEN lookup into GenericLog queries. It can be enabled for GenericLog queries by using the 'MACADDRESS' TOKEN on a MAC Address field.

Resolved issue with the Snare Reflector, which prevented the first reflector configuration entry from being removed.

Fixed the LDAP DN validation process to allow dashes within the DN field, as they were being incorrectly blocked from use.

Security Updates:

Prevented the Windows AD password from being written to the snare.log as part of debugging information. The string '<password>' will now be displayed instead of the password.

Updated vulnerability scanner plugins.

Updated ClamAV virus definitions for customers with servers that cannot access the internet to

Snare Server Version 6.3.2

New Features:

Added support for the upcoming V4.0.0 releases of the Snare Enterprise Agents for Linux and Solaris.

Added a new objective for Windows USB events into the default objectives installed as part of a fresh install of the Snare Server.

Resolved issue with the Snare SNMPTrap Collector preventing it from working with some devices. In v6.3.1, the Snare SNMPTrap collector could process snmptrap data tagged as PUBLIC. Unfortunately some devices included double-quotes around the string ("public"), which was causing the underlying SNMPTrap receiver to ignore those specific events. This fix disables tag checking completely, and allows Snare to accept SNMPTrap data with any tags.

Fixed the issue with the per-agent timezone selection, which prevented users from specifying different timezones for different agents within their fleet.

Fixed issue which allowed a TOKEN to be removed accidentally while updating it through the configuration dialog. The deletion button has been switched to a checkbox, to prevent accidental selection and submission of the form.

Resolved issue for new installations v6.3.0+ where the System Statistics page wasn't showing the full information by default.

Resolved issue affecting recent fresh installations of the Snare Server where the User Group metadata database was being incorrectly initiated. This has been fixed in the ISO installation image, and the v6.3.2+ update(s) will correctly initiate the database if it is found to be affected.

Security Updates:

Updated vulnerability scanner plugins.

Updated ClamAV virus definitions for customers with servers that cannot access the internet to

Snare Server Version 6.3.1

Bug Fixes

Updated the default firewall configuration to use UDP instead of TCP for SNMP.

Resolved issue that broke FTOKEN support for some queries.

Resolved the sanitization check that led to not being able to select the < and <= functions within the Snare Server match interface.

Security Updates

NFS services, made available as an option on Snare Server v6.2, can now be completely disabled on the Snare Server, through the installation and configuration wizard.

Updated ClamAV virus definitions, for customers with servers that cannot access the internet to download their own updates easily.

Snare Server Version 6.3.0

New Features

Support was added into the collection system for the AppleBSM audit events provided by the new Snare Agent for OSX (to be released in the near future).

An option was added to the Configuration Wizard to allow customers to disable the daily Pre-Cache functionality, if instructed by a Snare Support Representative. This option disables the daily pre-cache functionality of the internal Snare Database, which can, in rare instances, use more resources during the caching process than are actually saved during the report generation process when caching is enabled.

With larger and larger drives being used for the storage of log data, the 'percentage free space' warning and problem threshold settings on the Snare Server Health Checker have been migrated to a 'gigabytes free' model. As part of the server update process, your previous settings will be automatically converted to the new format.

Bug Fixes

Resolved display issue which prevented the Progress bar from progressing in Google Chrome.

Resolved a configuration issue with the OpenVAS vulnerability scanner.

In some circumstances, data validation routines will use an extended path when saving default values back to the Snare configuration database in the event of an input validation failure, which means that data validation and correction routines will be called for each and every objective initialisation until the invalid data is updated. This fix trims the path, so that default data can overwrite the invalid data, leading to a tiny speedup in objective instantiation in situations where invalid data has been entered.

Resolved issue that affected some older installations which involved old package updates being applied during the newer updates. The result of this was incorrectly configured packages preventing some system functionality from working. Safeguards have been put into place to ensure this does not occur in the future, and an upgrade to v6.3.0 should resolve any existing issues some customers are experiencing due to this issue.

Added support into the Agent Management Console for Legacy Agent configurations which allowed empty passwords.

Resolved issue that caused the 'Remove Data' objective from reporting a completed data removal process in some situations.

Resolved bug that prevented the Port and Vulnerability Scanner from correctly displaying the response of a completed scan.

Security Updates

Completed security audit and applied updates as required.

Implemented centralised checking and sanitisation of input across all user interface components, in order to further reduce the risk of cross site scripting, database injection, and related attempts at corrupting the Snare Server interface.

Implemented CSRF Tokens to eliminate potential avenues for attack against the Snare Server UI.

Security options have been migrated to a separate category in the Snare Server wizard.

The ability to block external sites from being displayed in a clickable format (eg: the link to the Snare Server documentation, hosted on the InterSect Alliance web server) has been added.

Paths for hard coded temporary files have been modified to use unique randomly generated filenames, where possible.

Paths for files that store process ID information have been migrated to /var/run to follow Unix best practice.

Updated ClamAV virus definitions, for customers with servers that cannot access the internet to download their own updates easily.

Updated copyright date stamp on the splash screen to reflect the current year (2014).

Detailed Notes:

1. Applying the Update to a Snare Server v6.

This update can be applied to an existing Snare Server v6, by downloading the Snare Update file from your client area and using the update wizard, found at:

System > Administrative Tools > Snare Server Update

If you have trouble applying this update, please speak to your Snare Support Representative.

2. Update file size issue.

Due to a file-size restriction issue, it is not possible to directly upgrade to v6.3.0 on an existing Snare Server that is still on version 6.0.0. Instead, the special PreUpdate provided in your client area must be applied first, and then the v6.3.0 update can be used.

3. Base Ubuntu OS Information

Snare Server v6.3.0 is based on a stripped down and hardened version of Ubuntu 10.04.4 LTS. The 32-bit and 64-bit releases have the same (or equivalent) packages installed with the exception of the Linux Kernel.

32-bit has Ubuntu Kernel 2.6.32-24.43-generic-pae, which is based off the 2.6.32.15+drm33.5 mainline Linux Kernel version.

64-bit has Ubuntu Kernel 3.0.0-32.51~lucid1-server, which is based off the 3.0.69 mainline Linux Kernel version.

A full package list for each release version of the Snare Server can be provided upon request.