SNARE MS SQL Agent

The Snare Enterprise Agent for MSSQL can track and monitor all database administrative activity from Microsoft SQL Server 2005, 2008, 2012, 2014 (and 2016 coming soon) and securely send the log information to a remote Snare Server, SIEM system, syslog server or a local log file for analysis and reporting.

Tracking this database administrative activity is required for compliance with standards such as PCI DSS and HIPAA, so that there is a record of what the DBAs are accessing, changing or deleting: for example, if someone accessed the payroll tables in the HR system or cardholder data for customers, or copied the health records for a patient. Most customers will only need to track admin/DBA activity, as general user access is controlled from the application. All activity may be tracked if necessary, though more logs will be generated that will need to be managed. DBAs and administrators can perform unauthorized activity to override technical controls and change settings; the Snare for MSSQL agent helps detect this behavior.

The Snare for MSSQL agent can be configured to monitor a variety of MSSQL installation types. The default objective template monitors the master database within the default local MSSQL instance. This can be modified on a per-objective basis to specify a named MSSQL instance and a database within that instance.

The Snare for MSSQL agent and smart installer also support complex SQL cluster environments and will install the agent on all instances that are registered in the SQL cluster. The agent ensures that all instances have the same configuration, so if an SQL instance migrates from one server to another, the agent will follow the SQL instance, either automatically or manually, and keep the same configuration so that your logging continues.

Some of the many features of the Snare Enterprise Agent for MSSQL include:

  • Caching of events in case of a network disruption, ensuring that events are not lost
  • Confirmed log message delivery with Smart TCP: no lost or missing logs
  • Encryption with TLS/SSL
  • Dynamic DNS
  • Log to multiple destinations
  • Granular objective control to monitor specific database users or SQL activity and transactions
  • Events per Second (EPS) rate controls
  • Agent Memory Management
  • UTC time format
  • Group Policy Support
  • General Search Term wildcard matching
  • Installer supports 32-bit and 64-bit versions
  • Allows administrators to locally or remotely monitor changes to the agent’s configuration via a standard web browser