Guide to Snare for Linux
1 Introduction
The team at InterSect Alliance have experience with auditing and intrusion detection on a wide
range of platforms - Solaris, Windows, Android, AIX, even MVS (ACF2/RACF) - and across a wide range
of IT security environments, in organizations such as National Security and Defence Agencies,
Financial Service firms, Government Departments and Service Providers. This background gives us a
unique insight into how to effectively deploy host and network intrusion detection systems that
support and enhance an organization's business goals.
'Snare for Linux' collects event logs from the Linux audit subsystem and, after appropriate
filtering, forwards them to a remote audit event collection facility. A security administrator can
also control the application remotely through a standard web browser if so desired. Snare has been
designed so that the remote control functions can be carried out easily, either manually or by an
automated process.
Other Snare agents are also available, including Snare for Solaris, Linux, OSX, MSSQL, Epilog and
Windows. The agents are capable of sending data to a wide variety of target collection systems,
including our very own 'Snare Server'. See Chapter 5, Snare Server, for further details.
Welcome to 'Snare' - System iNtrusion Analysis & Reporting Environment.
© InterSect Alliance, September 2014 Page 4 of 30 Version 4.1