- Snare (software)
Snare (sometimes also written as SNARE, an acronym for System iNtrusion Analysis and Reporting Environment) is a group of open-source agents, and a commercial server, used to collect audit log data from a variety of operating systems and applications to facilitate centralised log analysis. Agents are available for Linux, Windows, Solaris, IIS, Lotus Notes, Irix, AIX, ISA and more. Snare is currently used by hundreds of thousands of individuals and organisations worldwide. [InterSect Alliance, http://www.intersectalliance.com/projects/Snare/, accessed 2008-06-23]
History
The Snare series of agents began life in 2001 when the team at InterSect Alliance created a Linux kernel module to implement Trusted Computer System Evaluation Criteria auditing at the C2 level. Agents for Windows and Solaris soon followed, and additional operating systems and applications were added to the mix over time.
The Snare Server software was originally designed to meet the needs of Australian-based intelligence agency clients, and distribution was restricted to Australia only. The need for a server solution to complement the increasingly popular Snare agents pushed the InterSect Alliance team to find overseas partners and allow distribution internationally.
Distribution
Snare has been described as the 'De Facto standard for Windows event retrieval' [Sensage, http://www.sensage.com/English/Collaterals/Documents/SenSage_SolutionSheet_AgentlessWindows.pdf, accessed 2008-06-24], and because of its deep roots in the open source movement, coupled with available commercial support options, it is used by organisations ranging from small non-profits right up to huge multinational Fortune 500 companies.
Organisations that produce audit server software that competes with the Snare Server software, such as Cisco [Cisco, http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a008074f1d6.html, accessed 2008-06-24], Sensage [Sensage, http://www.sensage.com/English/Collaterals/Documents/SenSage_SolutionSheet_AgentlessWindows.pdf, accessed 2008-06-24], and LogLogic [LogLogic, http://www.loglogic.com/log-ed/log-ed-engineer/, accessed 2008-06-24], all use and recommend the Snare agents to their customers.
Design
The Snare agents have been designed to collect audit log data from a host system and push the data as quickly as possible to a central server (or servers) for archive, analysis, and reporting.
The central server can be either a syslog server, a Snare Server appliance, or a custom application. Snare agents are also able to push logs over a data diode in order to facilitate log transfer from networks of low classification to networks of higher classification.
The Snare Server is an appliance, or software-only solution, that provides a variety of analysis tools to facilitate the collection, analysis, reporting, and archival of audit log data.
External links
* [http://www.intersectalliance.com/snareserver/ Commercial server product home page]
* [http://www.intersectalliance.com/projects/ Open-source agents home page]
* [http://sourceforge.net/projects/snare/ SNARE] on SourceForge
Wikimedia Foundation. 2010.