SNARE Enterprise Agents capture security events, then filter and forward event logs to the SNARE Server, to any 3rd Party SIEM (HP ArcSight, IBM QRadar, MCI Nitro, RSA, Splunk, etc.) or to an MSSP (Dell SecureWorks, Solutionary).
SNARE Enterprise Agents are available for monitoring Windows Servers (up to 2012 R2), Windows workstations, Linux, Unix, Solaris, OSX, IRIX and AIX Operating Systems, Active Directory / Domain Controllers, MS-SQL Databases, IIS, ISA, SMTP, Exchange and Lotus Notes.
SNARE Enterprise Agents offer a number of enhanced capabilities over Open Source that will improve reliability (caching, TCP confirmed delivery, multicasting to multiple destinations, agent heartbeat), security (TLS based encryption) and ease of agent deployment (MSI, Group Policy, Dynamic DNS).
Select your Agent:
Snare Agent for Windows is a Windows XP, Vista, Windows 2003, Windows 7, 8, 8.1, Windows 2008/2008 R2, Windows 2012/2012 R2 (and updates) compatible service that interacts with the underlying Windows Eventlog subsystem to facilitate remote, real-time transfer of event log information. Log data is converted to text format, and delivered to a remote Snare Server, remote SIEM server or to a remote Syslog server with configurable and dynamic facility and priority settings.
SNARE for Linux allows event logs from the native Linux audit subsystem to be collected from the operating system, and forwarded to a remote audit event collection facility after appropriate filtering. SNARE for Linux is known to work on Red Hat Enterprise 5 and 6, CentOS 5 and 6, Fedora Core 11 to 17, Ubuntu, Debian and SuSE 10 and 11 for both 32-bit and 64-bit systems.
SNARE for Solaris provides front end filtering, remote control, and remote distribution for Solaris audit data, interfacing with the underlying C2/CAPP-style Sun “Basic Security Module”. SNARE for Solaris can be used as a standalone auditing tool, or can send data to the SNARE Server, remote SIEM system or any syslog server for analysis and storage. SNARE for Solaris is available for Solaris 9 and Solaris 10 (Solaris 11 coming soon).
SNARE for OSX enhances the platform by making use of the TrustedBSM auditing framework to provide remote control and remote distribution of OSX audit data for Apple Mac products. It can be used standalone as an auditing tool or in conjunction with SNARE Server for remote analysis and storage. SNARE for OSX makes use of the latest in encryption to help provide PCI compliance for your business.
SNARE Epilog Agent for Windows is a program that facilitates the central collection and processing of Windows text-based log files. Epilog for Windows supports date-stamped log files such as IIS, ISA, SMTP and Exchange Message Tracking Logs. Log information is converted to a tab-delimited text format, then delivered over UDP or TCP to a SYSLOG, 3rd Party SIEM or SNARE Server running on a remote or local machine.