Windows Snare

Info

Snare for Windows is a service that interacts with the underlying Windows Eventlog subsystem to facilitate remote, real-time transfer of event log information. Event logs from the Security, Application and System logs, as well as the new DNS, File Replication Service, and Active Directory logs are supported. Log data is converted to text format, and delivered to a remote Snare Server, or to a remote Syslog server with configurable and dynamic facility and priority settings.

Learning Outcomes

By the end of this scenario, the learner will have covered these topics:

  • Configuring SNARE agent on Windows
  • Forwarding Windows events, application and security logs to rsyslog
  • Analysing centralized Windows logs
  • Log compression and rotation

  • MODE: SINGLEPLAYER
  • TYPE: CCL
  • DIFFICULTY: INTERMEDIATE
  • TIME: 60 MINUTES
  • COST: 10 CRYSTALS