If the eyes are the window to the soul, then the Application Programming Interface (API) is the window to the software.
After all, an API is a way for products to communicate with each other through a documented interface, just as the eye is a human interface, communicating with the outside world (though what the eye communicates is not as well documented). APIs allow companies to open up data to external third-party developers, consume data from third-party product interfaces, and automate and orchestrate mundane processes that are often prone to human error.
An API is where a product interacts with itself and other products and processes in a well-defined and secure fashion. Tripwire’s products have APIs that you can take advantage of to automate your processes.
Developers have been leveraging the APIs in Tripwire’s products in a variety of interesting ways over the years. For example, because Tripwire Enterprise (TE) has a baseline of files from across an enterprise, those files can be compared against each other to detect application drift and anomalies in installations.
A developer can quickly leverage an API and invoke it via a web browser, scripting language, or command line. Both Tripwire Enterprise and IP360 have a command line interface utility: tecommander and ip360cmd. They allow you to work with asset tags, reporting, specific data queries, etc. There is also a REST API for the Tripwire products. Developers often use the REST APIs to integrate the Tripwire products with other products as part of the security ecosystem. They are also the basis for the TEIF integration used to tie Tripwire Enterprise to a ticketing system.
One customer I worked with used the Tripwire Enterprise TECommander scripting tool to integrate the Tripwire Asset Management platform with their CMDB. Assets there were moved into a test environment first, and so a call to the CMDB API pulled that information and used it to asset tag the new asset in Tripwire Enterprise with the asset tag “Test”. This asset then showed up in reports for the test environment. Once the asset was configured and tested, it would be promoted to the production environment, and the asset tag in the CMDB was changed to “production”. This also enabled the asset to be included in the production reports; an automated process that the Tripwire administrator didn’t have to worry about.
APIs enable enterprises to innovate faster and reach new audiences with new capabilities. The information that Tripwire pulls from the systems it monitors can be valuable to a lot of other systems.
Other customers have also used API calls in other beneficial ways, including:
- Using the Tripwire API calls to pull information Tripwire gathered about changes on endpoints to enhance the information provided by their GRC reporting system.
- Pulling the latest hash values of critical files and comparing them across their enterprise to reduce unexpected version drift.
- Pulling the latest high-risk vulnerabilities from IP360 and putting them into ServiceNow tickets to assign the remediation work on the assets with those vulnerabilities.
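The hash-comparison use case in the list above, as an added example that is not Tripwire code or part of the original post: it takes already-exported (node, path, hash) records and flags nodes whose file hash differs from the majority or that lack the file entirely. The record layout, node names, paths and shortened digests are assumptions constructed for this example.

```python
from collections import Counter, defaultdict

# Constructed sample records: (node, file path, shortened digest). The layout
# is an assumption for this example, not a Tripwire export format.
SAMPLE = [
    ("web01", "/usr/sbin/sshd", "a1f3"),
    ("web02", "/usr/sbin/sshd", "a1f3"),
    ("web03", "/usr/sbin/sshd", "9c7e"),
    ("web01", "/opt/app/app.jar", "11aa"),
    ("web02", "/opt/app/app.jar", "22bb"),
    ("web01", "/usr/bin/sudo", "77d0"),
    ("web02", "/usr/bin/sudo", "77d0"),
]

def find_drift(records, expected_nodes=None):
    """Return {path: finding} for each path with disagreeing or missing hashes."""
    by_path = defaultdict(dict)
    for node, path, digest in records:
        by_path[path][node] = digest
    # Default to every node seen in the data when no inventory is supplied.
    nodes = set(expected_nodes or {n for n, _, _ in records})
    findings = {}
    for path, seen in sorted(by_path.items()):
        counts = Counter(seen.values()).most_common()
        top_hash, top_n = counts[0]
        # A tie for first place means there is no trustworthy reference hash,
        # so every node holding the file is reported for manual review.
        tied = len(counts) > 1 and counts[1][1] == top_n
        if tied:
            reference, outliers = None, sorted(seen)
        else:
            reference = top_hash
            outliers = sorted(n for n, d in seen.items() if d != top_hash)
        # Nodes that should carry the file but reported no hash for it.
        missing = sorted(nodes - set(seen))
        if outliers or missing:
            findings[path] = {"reference": reference,
                              "outliers": outliers, "missing": missing}
    return findings

if __name__ == "__main__":
    for path, finding in find_drift(SAMPLE).items():
        print(path, finding)
```

A majority vote only indicates which nodes differ from their peers; the majority version is not necessarily the approved one, so findings still need to be checked against the intended release.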
Newer features in the Tripwire Enterprise APIs allow you to pull information from various system types, create a Node in Tripwire Enterprise on the fly, and baseline information from that device or software in Elements so that you can take advantage of the Tripwire Enterprise baselining engine. This is true even if it’s a device type not currently supported directly by Tripwire Enterprise.
Thanks to the APIs, Tripwire Enterprise can work with any software or device that has an API or web interface. This same API has been used by Tripwire to integrate with Claroty, Forescout and Nozomi to pull assets and asset information from these OT-based passive monitoring solutions, baselining those OT devices in Tripwire Enterprise. This allows Tripwire to track changes to these monitored devices. That information can be leveraged to search for change tickets applied to those OT devices (for more mature OT environments that start to use a change process), and even create Content Policy tests in TE to ensure settings in the OT devices are as expected.
Another great example for organizations using Tripwire IP360 is Tripwire IP360 Commander, which is a powerful yet simple way to integrate and automate many of the complex systems and enterprise applications needed for business.
Tripwire IP360 Commander is a cross-platform command line interface (CLI) for Tripwire IP360 that allows unlimited integration and workflow possibilities. It also offers a consistent, flexible, and reliable way to retrieve rich information from Tripwire IP360. Reference integrations exist for GRC, ITSM, IAM, Cloud Platforms, and Asset Discovery. And it’s also free!
At Tripwire, we believe our solution set is designed to provide the best foundation for your security and compliance program, but it is only one piece of a complex puzzle. We know that you have too few people running so many complex processes around IT Service Management, DevOps, Governance and Risk, Incident Response, Identity and Access Management, and on and on.
It’s critically important for Tripwire to be a good citizen within that ecosystem, and our ability to integrate and share information with other tools and applications is how we achieve that. At Tripwire, we use this collaborative approach to align solutions with your evolving IT ecosystem. This has been, and remains, a core value over our 25-year history.