Snare (sometimes also written as SNARE, an acronym for System iNtrusion Analysis and Reporting Environment) is a collection of software tools that collect audit log data from a variety of operating systems and applications to facilitate centralised log analysis. Agents are available for Linux, Windows, Solaris, Irix, AIX, ISA/IIS, Microsoft SQL Server, a variety of browsers, and more.
Snare is currently used by hundreds of thousands of individuals and organisations worldwide.
The Snare Server software was originally designed to meet the needs of Australian-based intelligence agency clients, and distribution was restricted to Australia only. The need for a server solution to complement the increasingly popular Snare agents, pushed the InterSect Alliance team to find overseas partners, and allow distribution internationally.
Snare has been described as the 'De Facto standard for Windows event retrieval', and because of its deep roots in the open source movement, coupled with available commercial support options, is used by small non-profit organisations, right up to huge multinational, Fortune-500 companies.
Organisations that produce audit server software that competes with the Snare Server software, such as Cisco, Sensage, and LogLogic , all use and recommend the Snare agents to their customers.
Most agents have both a supported commercial, and an open-source version available.
The Snare agents have been designed to collect audit log data from a host system, and push the data as quickly as possible, to a central server (or servers), for archive, analysis, and reporting.
The central server can be either a syslog server, a Snare Server appliance, or a custom application. Snare agents are also able to push logs over a unidirectional network in order to facilitate log transfer from networks of low classification to networks of higher classification.
The Snare Server is an appliance, or software-only solution, that provides a variety of analysis tools and to facilitate the collection, analysis, reporting, and archival of audit log data.