SNARE Server Features

The SNARE Server is a Security Event and Information Management (SIEM) solution that provides robust audit event collection, analysis, reporting and archival capabilities. The SNARE Server can collect from a massive variety of operating systems, Active Directory/domain controllers, Exchange and Web Servers, and SQL Databases, and can receive event log data directly from routers, switches, firewalls, VPNs, authentication servers, and arbitrary syslog sources.

The SNARE Server and Enterprise Agents are used by many organizations as a complete SIEM/Event Log Management Solution. However, with the newest feature of the SNARE Server v7.0, the SNARE Reflector, the SNARE Server can now be deployed as a node alongside other SIEMs or services. It can reflect log data to multiple destinations using different protocols, such as UDP, TCP or TLS/SSL, all at the same time.
Download SNARE Server v 7.0 User's Guide

The SNARE Server’s back-end architecture is made up of a compressed, indexed, file-based system that allows organizations to essentially keep as much log data as needed, without compromising performance or increasing license fees. This is a great feature for addressing forensics needs. Your data is not encoded in a proprietary black hole. SNARE Server v7.0 doesn’t use closed formats to store your information. If you need to export your data to another application for forensic study, you can.


  • SNARE Agent Management Console uses a “cloneable” objectives design that enables the user to pull the configuration from an existing SNARE Enterprise Agent and push it out to other SNARE Enterprise Agents, enabling a wider set of agents to be managed under a single objective. Other features include the ability to include specific hosts in the management functionality, regardless of whether they currently report log data to the SNARE Server, and limiting agents by hostname and version filters.
  • SNARE Reflector: Version 7.0 includes the new SNARE Reflector with functionality for multiple configurable destinations. The SNARE Reflector can send data to:

    • One or more destinations
    • Either SNARE or Syslog format messages
    • Using UDP or TCP connections
    • With SSL or TLS encryption enabled (if supported by the remote server).
  • TLS Connection: Version 7.0 includes support for receiving events over a TLS connection from Agents that support TLS. This means that the SNARE Server is now capable of receiving TLS-encrypted data on port 6163. Agents, or other data sources, that are capable of using TLS encryption (such as the SNARE for Windows Agent) can use this feature to provide point-to-point encryption of log data.
  • Tailored Objectives: Ability to add, modify or remove specific cloneable objectives that have their own configurations, access controls, and distribution settings.
  • Objective Names and Paths: Version 7.0 implemented custom expand/contract options for the Objective Navigation Panel to allow for longer objective names and complex nested paths.
  • User/Group Administration: The SNARE Server offers you the ability to restrict particular capabilities and reports to particular SNARE Server users.
  • Email Reporting: SNARE includes the ability to automatically email reports to a list of users, at identified intervals (e.g. daily, weekly, monthly). This provides security administrators with the capability to facilitate access to SNARE reports, without providing a login to the SNARE Server.
  • Configuration Checking: SNARE can collect, view, and report on configuration related data reported by the various SNARE Agents. Examples include User and Group information, or Lotus Notes Access Controls.
  • Password Rules: Version 7.0 includes new Password Complexity rules for user accounts. Additional password security controls have been implemented in both the SNARE Server user interface, and in the underlying operating system. Controls can be enabled via the SNARE Server Configuration Wizard, and include:

    • Password complexity and dictionary checks
    • Password history checks
    • Password rotation
  • Network File System Packages: Version 7.0 of the SNARE Server includes packages for NFS in the base operating system to allow for custom configuration of NFS as needed. NFS can be used to connect to many popular NAS storage systems to expand the usable disk on the system or to simply allow archiving or data backups to another location.
  • Agent Remote Control: Ability to fully remote control the SNARE Agents. Agents also have the ability to filter events at the front-end, reducing the load on your network, and local disk.
  • Network Device Reporting: SNARE can collect from a variety of Network devices, including Firewalls, Routers and Switches.
  • Click-Through Detailed Analysis: Users can drill through for more information in each objective.
  • IOS Access Controls: IOS Access Controls can be checked against an authorized copy. Differences are visually highlighted.
  • PIX Firewall Reporting: PIX Firewalls, Cisco Routers, and other similar devices that use IOS, can report to the SNARE Server.


To see screen shots of these features go to our SNARE Server Screenshots page.

To view an online demo of the SNARE Server go to: http://demo.intersectalliance.com
And enter the user name: SNARE_Admin and Password: Welcome2SNARE!