Tripwire® State Analyzer automates change alerts. It works in tandem with Tripwire Enterprise and Tripwire IP360™ to provide smart alerting and automation in critical security areas that are not manageable by traditional system state monitoring approaches. Originally developed for customers with high security requirements in the electric generation and transmission utilities industry, its high adoption rate now spans multiple industries that face similar monitoring challenges. Tripwire State Analyzer is scalable, flexible, and easy to maintain. This document highlights available reports.
Users and Passwords
In the solution for local users, multiple aspects of user accounts are reported on. The solution has built-in options which allow for:
- Addition of custom fields
- Option of readable output, or CSV output
- Alerting on password over allowed age limit
- Alerting on passwords nearing allowed age limit
Evidence Reporting
Security Alerting
Systems with new unauthorized users or stale passwords have their change indicators switch from green to red. This example shows a detailed report of just the exceptions that a System Administrator should attend to.
Support and Requirements
This solution is supported on:
- Windows
- RHEL
Ports
Reports are generated to support two use cases: evidence reporting and alerting for daily maintenance of compliance. Report generation is automated once the solution is fully implemented, and allows for scanning as often as is desired.
Evidence Reporting
The solution has built-in options which allow for:
- Ephemeral ports
- Port ranges
- TCP and UDP
- Digest data from nmap or IP360
- Matching ports to process
- Addition of custom fields to reports
Support and Requirements
This solution is supported on:
- Agent-based, internal scanning:
  - Windows
  - RHEL
  - AIX
  - Solaris
- Agentless, external scanning for an IP device
Compliance Alerting
Services
Once the user has supplied information about normal or expected services on a system or class of systems, Tripwire will alert on new, unexpected ports. Report generation is automated once the solution is fully implemented, and allows for reporting as often as is desired.
Evidence Reporting
The solution has built-in options which allow for:
- Specifying justification by individual servers or by server role
- Custom fields
Support and Requirements
This solution is supported on:
- Windows
- RHEL
- AIX
- Solaris
Compliance Alerting
Platform Coverage and Requirements
All solution areas listed in the chart below are based on Tripwire Enterprise. All server platforms require Tripwire Enterprise v8.0 or later and a Tripwire Enterprise agent installed on the server.