Intersect Alliance International

Page 1 of 22
© Intersect Alliance International Pty Ltd. All rights reserved worldwide.
Intersect Alliance Pty Ltd shall not be liable for errors contained herein or for direct, or indirect damages in connection with the use of this material. No
part of this work may be reproduced or transmitted in any form or by any means except as expressly permitted by Intersect Alliance International Pty Ltd.
This does not include those documents and software developed under the terms of the open source General Public Licence, which covers the Snare
agents and some other software.
The Intersect Alliance logo and Snare logo are registered trademarks of Intersect Alliance International Pty Ltd. Other trademarks and trade names are
marks’ and names of their owners as may or may not be indicated. All trademarks are the property of their respective owners and are used here in an
editorial context without intent of infringement. Specifications and content are subject to change without notice.
QRadar Snare Application User Guide
Page 2 of 22
Table of Contents
1. About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. The QRadar Snare Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. File Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
6. Registry Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
7. Logon/Logoff Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
8. USB Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
9. Administrative Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
10. All Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
11. Threat Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
12. Configuring Snare Windows Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
13. About Snare Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
14. About Intersect Alliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
© Intersect Alliance International Pty Ltd Page 3 of 22
1. About this guide
The QRadar Snare Application is designed to help users visualize the logs sent to QRadar from the Snare for Windows
agent. The data is displayed via some graphs, and tables of data with filtering applied of the data through the menu
selections.
Version History

Version Release Date Comments
v1.0.0 September 2016 Initial release.
v1.1.0 May 2017 Minor updates.

© Intersect Alliance International Pty Ltd Page 4 of 22
2. Overview
Snare operates through the actions of a single component; the SnareCore service based application (snarecore.exe). The
SnareCore service interfaces with the Windows event logging sub-system to read, filter and send event logs from the
primary Application, System and Security event logs to a QRadar instance. Please note that where available, the agent is
also capable of reading, filtering and sending logs from the DNS Server, File Replication Service, DFS-Replication and
Directory Service logs, as well as any Custom event log sources such as those under Applications and Services Logs. In
addition to regular event logs, SnareCore will collect USB connect and disconnect notifications
Once gathered, the logs are then filtered according to a set of objectives chosen by the administrator, and passed over a
network using the UDP or TCP protocol, using optional TLS/SSL encryption, to a remote server. The SnareCore service
can be remotely controlled and monitored using a standard web browser.
© Intersect Alliance International Pty Ltd Page 5 of 22
3. The QRadar Snare Application
Once the Snare Application is loaded into QRadar, a new dashboard Snare Dashboard will appear in the top menu in
QRadar. Once you select this new Snare Dashboard you will be presented with the user interface (UI) for this application.
The Snare for QRadar application provides detailed information about events generated by Snare for Windows including:
File Access
Registry Access and Modifications
USB activity
Administration events
Logon Success and Failure
Process Information
In addition, events can be correlated together and matched against known fingerprints to detect possible threats on the
network.
The main application consists of the following:
The Left Navigator pane displays the main subject menu items.
The Main Window displays the detailed information for each of the menu items in the navigator.
The Display Filter is a subject-specific form located at the top of the Main Window to allow different search
parameters.
In the left navigator pane, the Dashboard item displays top level overviews of the Snare events in the main window.
Several other menu items are also included to that link to detailed event information for the specific events types. A Threat
Analysis item displays possible threats on the network for a given time period. Help and other useful links are also
provided to help users setup Snare for QRadar.
Filter Time Periods
For each of the displays available throughout the QRadar Snare application, the search time period can be selected using
the Time Period drop down box. Built in time periods include:
Last 5 minutes
Last 10 minutes
Last 30 Minutes
Last Hour
Last 3 Hours
Additionally, a user can manually specify a time period by selecting Custom Date/Time from the time period drop down
box. When this item is selected, the Start and End date/time selector boxes become enabled. Clicking in each of the
selector boxes displays a date/time selector widget. Simply select the date and then the time of day to input the date/time
into the filter. Click Search to start scanning.
© Intersect Alliance International Pty Ltd Page 6 of 22
4. Dashboard
Clicking on the Dashboard menu item will give you an overview of the types of events captured by the QRadar instance.
Reports are represented as top ten pie charts for a given time period and are host based by default. Using the Display
drop down box, reports can be generated based on the event user by selecting the Top 10 By User display item. The time
period can be changed using the drop down menu above the display and clicking the red Search button.
Each individual pie chart is interactive which allows users to drill down on an individual section of data. Simply clicking on
a piece of pie will display a report of how that data is spread across the different category types for the given time period.
At any time, a user can click the View Event Activity under the associated pie chart to show a detailed list of the events
used to generate the report.
© Intersect Alliance International Pty Ltd Page 7 of 22
5. File Events
The File Events menu item will display only file auditing events. The default filter is set to all users, all hosts, all
processes, all files and directories for the last 5 minutes. The filter can be modified to suit the search needs up to the last 3
hours or alternatively, selecting a Custom Date/Time time period, a user can search over a specific time range. If there
are may events present then the Prev/Next buttons on the top right can be used to navigate through the data one page at
a time. The areas highlighted in Red/Green/Blue can be clicked on to allow a drill down of the event for complete details of
that event. The area that is color coded is designed to help identify particular event types more quickly.
The activity line chart below the list of events shows the event activity with respect to time. Each series in the activity chart
is color coded to match that shown in the event list.
© Intersect Alliance International Pty Ltd Page 8 of 22
6. Registry Events
The Registry Events menu operates in much the same way as the File Events but is specific for the Registry Events. The
default search will show all users, all Hosts, all Processes, All keys, audit events for the last 5 minutes. The filter can be
modified to suit the search needs up to the last 3 hours or alternatively, selecting a Custom Date/Time time period, a user
can search over a specific time range. If there are many events present then the Prev/Next buttons on the top right can be
used to navigate through the data one page at a time. The areas highlighted in Red/Green/Blue can be clicked on to allow
a drill down of the event for complete details of that event. The area that is color coded is designed to help identify
particular event types more quickly.
The activity line chart below the list of events shows the event activity with respect to time. Each series in the activity chart
is color coded to match that shown in the event list.
© Intersect Alliance International Pty Ltd Page 9 of 22
7. Logon/Logoff Events
The Logon/Logoff Events menu displays event details pertaining to all logon or logoff activity as well as logon failures and
locked accounts. The default search will show all users, all Hosts and all operations for the last 5 minutes. The filter can
be modified to suit the search needs up to the last 3 hours or alternatively, selecting a Custom Date/Time time period, a
user can search over a specific time range. If there are many events present then the Prev/Next buttons on the top right
can be used to navigate through the data one page at a time. Each individual event in the list can be clicked on to allow a
drill down of the event for complete details of that event. The area that is color coded is designed to help identify particular
event types more quickly.
The activity line chart below the list of events shows the event activity with respect to time. Each series in the activity chart
is color coded to match that shown in the event list.
© Intersect Alliance International Pty Ltd Page 10 of 22
8. USB Events
The USB Events menu displays event details pertaining to USB Plug and Play (PnP) operations as well as any other
device arrivals or removals. The default search will show all users, all Hosts, all USB operations and serial numbers for
the last 5 minutes. The filter can be modified to suit the search needs up to the last 3 hours or alternatively, selecting a
Custom Date/Time time period, a user can search over a specific time range. If there are many events present then the
Prev/Next buttons on the top right can be used to navigate through the data one page at a time. Each individual event in
the list can be clicked on to allow a drill down of the event for complete details of that event. The area that is color coded is
designed to help identify particular event types more quickly.
The activity line chart below the list of events shows the event activity with respect to time. Each series in the activity chart
is color coded to match that shown in the event list.
© Intersect Alliance International Pty Ltd Page 11 of 22
9. Administrative Events
Clicking the Administrative Events menu item displays event details pertaining to all administrative operations including
account creations, updates, deletions and password changes. Any changes to security groups or domain policies are also
captured and displayed. The default search will show all users, all hosts and all administrative operations for the last 5
minutes. The filter can be modified to suit the search needs up to the last 3 hours or alternatively, selecting a Custom
Date/Time time period, a user can search over a specific time range. If there are many events present then the Prev/Next
buttons on the top right can be used to navigate through the data one page at a time. Each individual event in the list can
be clicked on to allow a drill down of the event for complete details of that event. The area that is color coded is designed
to help identify particular event types more quickly.
The activity line chart below the list of events shows the event activity with respect to time. Each series in the activity chart
is color coded to match that shown in the event list.
© Intersect Alliance International Pty Ltd Page 12 of 22
10. All Events
The All Events menu item will show all events being received from the Snare Agents. You can page through these events
by using the Prev/Next buttons on the top right. The number of events shown is also based on the filters applied which
has a default of 5 minutes and shows all users and hosts. The filters can be applied to restrict the search to specific users
or systems for a specified time period to the last 3 hours. Alternatively, selecting a Custom Date/Time time period, a user
can scan for all events over a specific time range.
The activity line chart below the list of events shows the event activity with respect to time.
© Intersect Alliance International Pty Ltd Page 13 of 22
11. Threat Analysis
Threat Analysis applies fingerprint analysis techniques on scanned events to detect possible threats on the network.
Clicking on the Threat Analysis menu item will analyse the scanned events generated in the last 5 minutes looking for
threats. Any threats are displayed to the user along with the threat activity with respect to time. The time period can be
modified to suit the search needs up to the last 3 hours or alternatively, selecting a Custom Date/Time time period, a user
can search over a specific time range.
A detected threat displays the following:
The threat type
The start and end time of the threat
The threat source (host name and/or IP address).
The threat severity.
Threat accesses and operations.
By clicking on a displayed threat, the events matching the threat fingerprint are displayed in the panel below. Clicking
Close will revert the display back to the activity chart.
For version 1.1.0, only Rubber Ducky threat types are supported. More types are planned for future versions.
© Intersect Alliance International Pty Ltd Page 14 of 22
12. Configuring Snare Windows Agent
The configuration settings are outlined below for sending events to IBM’s QRadar via:
Snare Enterprise Agent for Windows (Version 5 and above)
Snare Enterprise Agent for Windows (Legacy)
Snare Enterprise Agent for Windows (Version 5 and above)
From your Snare Enterprise Agent, navigate to the Destination Configuration page and update the following settings:
In the Network Destination section, enter the IP address of the QRadar instance in the Domain/IP field.
Set Port to 514.
Select UDP or TCP (recommended).
Select the appropriate SYSLOG RFC3164 Format supported by the QRadar.
In the General Destination Options section, select the Host IP As Source checkbox to use the detected IP
address as the event source IP.
Select Update Destinations to save your settings, and select the Apply Configuration & Restart Service to update the
registry.
For effective auditing, it is recommended that automatic auditing is enabled. To enable automatic auditing navigate to the
General Configuration page.
Check the Allow Snare to automatically set audit configuration? checkbox.
Check the Allow Snare to automatically set file audit configuration? checkbox.
Snare Enterprise Agent for Windows (Legacy)
From your Snare Enterprise Agent, navigate to the Network Configuration page and update the following settings:
Select the Use Host IP Address Override for source address checkbox. On saving the page the field Override
detected DNS Name with will be populated.
Set Destination Port to 514.
Select UDP or TCP (recommended) protocol.
Select the Enable SYSLOG Header? checkbox.
Select the SYSLOG Header Format as Syslog.
Select Change Configuration to save your settings, and select the Apply the Latest Audit Configuration, to update the
registry.
For effective auditing, it is recommended that automatic auditing is enabled. To enable automatic auditing navigate to the
Network Configuration page.
Check the Allow Snare to automatically set audit configuration? checkbox.
Check the Allow Snare to automatically set file audit configuration? checkbox.
Audit Setup
Regarding Allow Snare to automatically set file audit configuration? in order for Windows to collect file and
registry access records, not only must the correct audit category be selected, but also the correct object auditing
parameters must also be set. Setting this field will automatically set these parameters, based on the objectives which
have been set. It is highly recommended that this checkbox be selected.
For file auditing, enter the target file or directory into the General Search Term of the objective, e.g. c:\payroll\.
For registry auditing (HKEY_LOCAL_MACHINE only), enter MACHINE\keyname into the General Search Term of the
objective, e.g. MACHINE\SOFTWARE\InterSectAlliance\AuditService.
© Intersect Alliance International Pty Ltd Page 15 of 22
Objectives Setup
A major function of the Snare system is to filter events. This is accomplished via the advanced auditing ‘objectives’
capability. Any number of objectives may be specified and are displayed on the Objectives Configuration page. By
default a set of objectives is available with the Snare Enterprise Agent for Windows installation.
To create a new objective click Add, or to view/edit an existing objective select Modify. The following parameters may be
set:
© Intersect Alliance International Pty Ltd Page 16 of 22
Identify the high level event. Each of the objectives provides a high level of control over which events are
selected and reported. Events are selected from a group of high level requirements and further refined using
selected filters. Only Windows Security Event Log events are contained within the high level groups. Details on
which Windows Event Log event IDs are used to generate the following objectives can be found in Appendix C –
Objectives and security event IDs:
Logon or Logoff
Account administration
Access a file or directory
Change the security policy
Start or stop a process
Restart, shutdown and system
Use of user rights
Filtering platform events
USB event
Any event(s).
The above groups are provided to service the most common security objectives that are likely to be encountered. If
other event types are required, then the Any event(s) objective will allow fully tailored objectives to be set.
The following filters can be applied to incoming audit events:
Event ID Search Term. Each event contains a unique number known as the Event ID. If the high level event Any
event(s) is selected, then the user is able to filter on the EventID field. If multiple events are required, the user may
enter the event IDs as a comma separated string. Example: 562,457,897. Using the wildcard character ‘*’ will
select all events. Use the wildcard with caution since ALL events will be collected and passed to the remote host.
For all other high level events, this field is ignored and automatically managed by the agent.
The user may select whether to include or exclude messages that match this objective. If an objective is set to
‘Exclude’, matching event logs will be immediately discarded. Note: Ensure the Perform a scan of ALL objectives
configuration option is disabled in the Network Configuration window.
General Search Term. This allows the user to further refine a search based on the event record payload. For most
high level events, this option will search all the fields of an event record, except the header. For simple searches
© Intersect Alliance International Pty Ltd Page 17 of 22
(i.e. not a regular expression), there is NO need to use the wildcard character at the start or end of this field as it is
automatically added to the search term when the objective is saved. The exception to this rule is when the Access
a file or directory high level event is selected and the Automatically set file audit configuration option is
enabled. In this situation, the General Search field is used to identify the file, directory or registry location that
requires auditing. The user may select whether to include or exclude messages that match this objective by
selecting the Includeor Exclude radio buttons.
Example: To monitor a file being opened for reading, the objective Access a file or directory would be selected and
the actual directory would be entered into this field as follows: C:\Example\. The agent will then recursively apply
auditing to the destination folder, ensuring that any files or directories below C:\Example would be subject to audit
and trapped. Please note that regular expressions and wildcards do not work when the Access a file or directory
high level event is selected.
The search string may be treated as a Perl Compatible Regular Expression if the Regular Expression checkbox is
selected. This allows more powerful and refined text matching and targeted objectives allowing sophisticated
forensic analysis and reporting, particularly when small details get lost in noisy log environments. Some common
useful regular expressions include:
Event contains email address:
([a-z0-9_\.-]+@([\da-z\.-]+\.([a-z\.]2,6)
Event contains URL:
(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]2,6)([\/\w \.-]*)*\/?
Event contains IP address:
(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.)3(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
Event contains hex-numbers:
#?([a-f0-9]6|[a-f0-9]3)
User Search Term. An event record may be selected or discarded based on a userid, or partial match of a userid.
If no users are entered AND the Include radio button has been selected, then ALL users will be audited. If a term is
entered in this field, then an event record will be trapped or discarded based on a valid match and whether the
Include or Exclude radio buttons have been selected. There is no need to use the wildcard character at the start
and end of this field as it is automatically added when the objective is saved. Multiple users may be entered using a
comma separated list.
Source Search Term. This feature is relevant for Windows Vista/2008 and above, where much of the key
information is buried in the Applications and Services logs. See Custom Event Log for further details. For
example to include the events in DNS Server as displayed below, then the Source Search Term should be set to *
and the event logs should be checked for DNS Server.
If setting a file search parameter, it is important that the FULLY QUALIFIED directory name is entered so that the
Snare system can set the appropriate auditing. For example, C:\TEMP\SECRET* will work, but SECRET* will not.
© Intersect Alliance International Pty Ltd Page 18 of 22
Latest events window displays the Source Name as below:
Identify the event types to be captured. Windows uses many different audit event types, including:
Success Audit
Failure Audit
Information
Warning
Error
Critical
Verbose
© Intersect Alliance International Pty Ltd Page 19 of 22
Activity Tracing.
Below is an example of a logged event in Event Viewer. The Level: field displays this event type as Information. If it
is unclear which type of event is required, then selecting all of the check boxes will ensure that no events are lost.
Note if none of the checkboxes are selected, then no events will be trapped.
Identify the event logs. Windows collects logs from a number of event log sources. On Windows Servers, all six
primary event logs may be found, however on pre-Vista Workstation installations only three of these event logs
(Security, System and Application) are available. The event log options are:
Security
System
Application
Directory Service
DNS Server
DFS Replication
Legacy FRS
Custom Event Log (see below for further information)
If in doubt, there will be no harm done in selecting all event log types, except that Snare will now read from, and
attempt to filter, from all the selected event logs and this will have some slight negative performance impact. Please
note, if any high level event except for Any event(s) is selected, then this item is ignored as it is set automatically
by the high level event.
© Intersect Alliance International Pty Ltd Page 20 of 22
Select the Alert Level. A criticality level may be assigned to enable the Snare user to designate audit events to
their most pressing business security objectives, and to quickly identify the level of importance via the coloured
buttons. The Latest Events page will highlight the event in the selected colour assigned to your objective.
Critical
Priority
Warning
Information
Clear
Capturing Custom Event Logs
Custom event logs (only available for Snare Enterprise Agents) are captured beyond the Windows Logs events, that is,
within Applications and Services Logs. To capture the custom logs, create or modify an objective and select the Custom
Event Log check box under Identify the event logs area, and then specify the specific name of the log in the Source
Search Term.
To find the specific name of the log, start the Event Viewer, and browse to the event log you wish to capture, and open the
Properties dialog. For example, for Group Policy logs the name to enter in the objective for Source Search Term can be
found on the Event Viewer’s Details tab (Friendly View) for that event as displayed below:
Once the configuration is saved and as your expected events are logged, the latest events will then display the logs.
Info
Objectives will be processed by the agent in the order they appear, that is, top to bottom. Use the up and down
arrows in the Order column to reorganize your objectives into the appropriate order. Place any Exclude
objectives (where you are excluding an Event ID) at the top of the list to ensure unwanted events are discarded.
© Intersect Alliance International Pty Ltd Page 21 of 22
13. About Snare Agents
The team at Intersect Alliance have developed auditing and intrusion detection solutions on a wide range of platforms,
systems and network devices including Windows, Linux, Solaris, Apple Mac OSX, Cisco ASA/PIX firewalls, Cisco routers
and switches, Checkpoint, PaloAlto, IIS, Apache, Exchange, MVS (ACF2/RACF), and many more. We have in-depth
experience within National Security and Defence Agencies, Financial Service firms, Public Sector Departments and
Service Providers. This background gives us a unique insight into how to effectively deploy host and network intrusion
detection and security validation systems that support and enhance an organisation’s business goals and security risk
profile.
Native intrusion detection and logging subsystems are often a blunt instrument at best, and when your security team
strives to meet departmental, organisational, industry or even national security logging requirements, a massive volume of
data can be generated. Only some of this data is useful in evaluating your current security stance. Intersect Alliance has
written software ‘agents’ for a wide range of systems that are capable of enhancing the native auditing and logging
capabilities to provide advanced log filtering, fast remote delivery using secure channels, remote control of agents from a
central collection server, and a consistent web based user interface across heterogeneous environments.
The agents have an enterprise-level feature set, yet are designed to be light on disk space, memory and CPU to ensure
that your servers can meet security requirements without compromising their ability to stick to core business. The agents
are capable of sending data to a wide variety of target collection systems.
For a free trial on the Snare Enterprise Agents visit https://www.intersectalliance.com/try-snare-eval-now/.

Operating System
Agents
Snare Enterprise Agent
for Windows (XP-10,
2003-2016)		Interacts with the underlying Windows Eventlog subsystem to facilitate remote, real-time
transfer of event log information. Log data is converted to text format, and delivered to a
remote SIEM server or to a remote Syslog server with configurable and dynamic facility
and priority settings.
Snare Enterprise Agent for
Linux (RHEL, SLES,
Debian, Ubuntu)		Allows event logs from the native Linux audit subsystem to be collected from the operating
system, and forwarded to a remote audit event collection facility after appropriate filtering.
Snare Enterprise Agent for
Solaris (10 and 11, Sparc
and X86)		Provides front end filtering, remote control, and remote distribution for Solaris audit data,
interfacing with the underlying Sun “Basic Security Module”.
Snare Enterprise Agent for
OSX (10.7-10.10, 10.11
and 10.12 coming soon)		Allows event logs from the OSX subsystem to be collected from the operating system for
Macintosh computers, and forwarded to a remote audit event collection facility after
appropriate filtering.
Epilog Agents
Snare Enterprise Epilog for
Windows		Designed to facilitate the central collection and processing of Windows text-based log files
such as DNS logs, IIS, Apache, DHCP and other application text log files.
Snare Enterprise Epilog for
UNIX		Provides a method to collect any text based log files on the Linux and Solaris operating
systems including the logs in /var/log, Apache, Squid and any other application text log
file.
Database Agents
Snare Enterprise Agent for
MSSQL		Allows the security staff to track all SQL commands run by the DBA or other privileged
users on any Microsoft SQL Server to be filtered and forwarded to a remote audit event
collection facility for analysis.

For further information on the Intersect Alliance product suite please visit https://www.intersectalliance.com/our-product/.
© Intersect Alliance International Pty Ltd Page 22 of 22
14. About Intersect Alliance
Intersect Alliance, part of the Prophecy International Holdings Group, is a team of leading information technology
security specialists. In particular, Intersect Alliance are noted leaders in key aspects of IT Security, including host
intrusion detection. Our solutions have and continue to be used in the most sensitive areas of Government and
business sectors.
Intersect Alliance intend to continue releasing tools that enable users, administrators and clients worldwide to achieve
a greater level of productivity and effectiveness in the area of IT Security, by simplifying, abstracting and/or solving
complex security problems.
Intersect Alliance welcomes and values your support, comments, and contributions. For more information on the
Enterprise Agents, Snare Server and other Snare products and licensing options, please contact your local Prophecy
Group as follows:
The Americas +1 (800) 834 1060 Toll Free | +1 (303) 771 2666 Denver
Asia Pacific +61 8 8211 6188 Adelaide Australia
Europe and the UK +44 (797) 090 5011
Email [email protected]
Visit www.intersectalliance.com

Leave a Reply

Your email address will not be published. Required fields are marked *