Reports for Increasing Security

Tripwire Enterprise includes a comprehensive library of reports and online dashboards that can be tailored to any environment and need. They provide valuable performance metrics and trends that help you do everything from show change status and history across the enterprise, to perform forensics on an unauthorized change or intrusion.

Actionable change reporting is essential to configuration control and change automation for providing the necessary information to enforce your change/configuration policies and correlate actual changes with change orders. Tripwire Enterprise includes actionable reports and online dashboards that show change status and history across the enterprise and assist in problem/incident resolution, enabling you to improve repair times and fix inconsistencies across systems thought to be similar.

Use the tabs below to view sample reports most helpful for compliance and security. You may also download the Tripwire Enterprise Report Catalog, with samples of all available reports.

Changes By Severity
This report lists nodes having changes in each of the user-defined severity ranges.

Usage: A high-level report showing unresolved changes by severity. This report is typically run to identify configurations that have deviated from their known and trusted baseline.

Nodes with Changes
Lists the nodes that currently have changes corresponding to specified severity levels.

Usage: Quickly identifies nodes with specified changes, showing authorized vs. unauthorized.

Report Linking
Report Link Criteria provides the ability to link certain reports allowing for the ability to "drill-down" or link from a report being viewed to a subsequent report with an increased level of detail. For example, one may want to link from a Change Process Compliance report, to a Changed Elements report for a list of unapproved changes, then to a Detailed Changes report on a particular element.

Detailed Waivers
For each specified node and test, this report provides a complete listing of all applicable waivers and related details such as waiver start and end dates, reason for the waiver, and who is responsible for remediation.

Usage: Security and IT operations can use this report to manage waivers and remediation more effectively and with less effort.

Detailed Test Inventory
For each specified test, this report provides a test definition that includes details such as test description, type, severity and weighting.

Usage: This report makes it easy for management to generate and share formal test documentation, as well as view this information offline.

Test Results by Node
For each specified node, this report shows both a summary and a detailed breakdown of the latest test results. The report can also be configured to only display failed tests and associated remediation steps.

Usage: This report functions as a prescriptive "punch list" that system administrators can use to expedite necessary remediation tasks.

Detailed Test Results
This report lists all policy results for each specified node that meet the specified report criteria. For each result, the output indicates which element was tested, and the outcome (passed/failed). This report is a means of identifying specific settings that are out of compliance with a policy and that may require modification.

Change Variance Report
Compares current changes on specified nodes.

Usage: This report is frequently used to compare changes on nodes after a patch/install has been implemented. Changes that are inconsistent across the nodes are flagged and reported.

Reference Node Variance Report
This report identifies all elements that differ between one "reference" node and one or more other "compare" nodes.

Usage: This report detects configuration drift. Any changes that are inconsistent across the nodes are flagged and reported.

Detailed Changes
This report compiles comprehensive change information for elements on specified nodes.

Usage: Detailed information for investigating suspect changes.

Changed Elements
Summary information for each changed element can include the time, type (addition, deletion, and modification), attributes, user, and packages affected by the change. Changes can be grouped by approval identifier so all unauthorized, as well as authorized, changes are immediately visible.

Usage: Identifies the who, what, when and where of changes for compliance reporting. Typically executed on an ad hoc basis as known changes are made, or daily/weekly as a record of changes for that interval.

Monitoring Policy
This report identifies the components associated with each file system, registry, database server, and directory server.

Usage: Allows security to identify and verify that all the proper components are being monitored for specified rules.

User Roles
For a specified node or node group, this report identifies the effective user role for a selected user account. The effective user role is the actual level of control that the user has over the specified node or node group.

Usage: Management report showing who has access to what in the Tripwire Enterprise Server. Typically run monthly, potentially more often depending on process maturity.