Tripwire® ExpertOps™ Service Description

Overview

To support our clients’ ability to monitor their IT assets, the Tripwire ExpertOps service (“ExpertOps Service”) provides a hosted Tripwire Enterprise (“TE”) console, licensed Tripwire Enterprise software for managed nodes as described in an order, and system administration services provided by Tripwire’s Managed Services during the ExpertOps Service term. ExpertOps Service is offered on an annual basis, and includes standard implementation, monitoring, reporting and support during the term based on the client’s configuration instructions and policies.

1.0 ExpertOps Service Tiers for Tripwire Enterprise

Essential: Provides day-to-day maintenance of the TE console and managed nodes as a managed service for clients that need change management or compliance information. This is ideal for clients that are just getting started with change management or compliance practices. Clients receive information that helps them respond to change or compliance issues.

Advanced: In addition to the ExpertOps Services provided at the Essential tier, the Advanced tier includes:

  • Tactical tuning assistance to ensure that the most important information is highlighted for action,
  • Customized reporting and dashboards, with a more detailed analysis of results,
  • Dedicated problem resolution support, and
  • Use of the Dynamic Software Reconciliation (DSR) TW-App, which allows clients to gain control over larger volumes of change information and reduces the burden of change reconciliation associated with patching.

Advanced Plus : ExpertOps Services at the Advanced Plus tier are more tightly integrated with the client’s change and compliance practices. In addition to the ExpertOps Services provided at the Advanced tier, the Advanced Plus tier includes:

  • The development of an operational use plan with best practice recommendations,
  • Assisting with reconciliation of change and prioritization of remediation activities, and
  • An assigned program coordinator to help the client prioritize work activities.

The specific Services included in each tier are shown below:

Features

Essential

Advanced

Advanced Plus

Management

Console Maintenance

Included

Included

Included

Content Maintenance

Included

Included

Included

Service Status Updates

Monthly meetings

Weekly meetings

Semi-weekly meetings

Service Plan Development

Included

Included

Included

Asset Onboarding

Included

Included

Included

FIM Content Tuning

Included

Included

Client Requests

6/month

12/month

Unlimited

User Management

Included

Included

Included

Custom App Monitoring Configuration

Up to 4

Unlimited

Dashboard and Reporting Maintenance

Included

Included

Included

Dashboard and Report Creation

Included

Included

Monitoring

Console Health Monitoring

Included

Included

Included

Report Distribution

Included

Included

Included

Event Handling

Included

Included

Task Completion

Included

Included

Included

Agent Health

Reporting only

Included

Included

Business Process Integration

TW Apps Management

Included

Included

TW Apps Licensing

DSR

DSR

TW Apps Upgrade

DSR

DSR

Remediation Prioritization

Included

Change Reconciliation (Promotion)

Included

Regulatory

Policy Tuning and Guidance

Included

Waiver Management

Included

Audit Assistance

Included

Included

Management Consulting

Service Performance Reviews

Yearly

Quarterly

Bi-monthly

Program Coordinator (Project Executive)

Included

CISO + Executive Review

Included

Organizational Grading

Included

Operational Use Plan Update

Included

Tripwire Prescriptive Policies and Content

Included

Analysis and Problem Support

Defect Support

Tripwire Customer Center

Managed Services Lead

Managed Services Lead + escalation priority

Reporting Analysis

Included

Included

Agent Health Analysis

Included

Included

RCA/RFO Process

Included

Included

Product Deployments

Policies Included

FIM and 1 policy

FIM + two policies (standard policies only)

Unlimited + support of custom policies.

Real Time Functionality

Included

Included

Custom Policies

Included

Custom App Monitoring

4 Applications

Unlimited

Named Users

2

4

6

Roles

Client Lead - Primary point of contact at the client for the Managed Services Lead; provides guidance to the Managed Services Lead on asset configuration, classification and priorities, and compliance policies to be monitored; receives status reports and updates from the Managed Services Lead.

Tripwire Managed Services Lead –Primary administrator of the ExpertOps Service for the client; responsible for regular operational and maintenance activities.

Tripwire Engagement Manager - Primary point of escalation within Tripwire; responsible for the client’s ExpertOps account; works with the Managed Services Lead and Service Manager to ensure successful execution of all standard activities.

Tripwire Service Manager - Responsible for the management and delivery of all ExpertOps Services accounts; works with the Engagement Manager and the Client Lead to establish strategic goals for client and Tripwire.

Tripwire Program Coordinator – For Advanced Plus clients, a project executive is assigned to provide overall leadership with respect to service delivery to the client, including prioritizing work efforts, managing critical escalations, acting as a liaison to Tripwire cross-functional organizations, and presenting the results of service delivery to client stakeholders.

2.0 ExpertOps Service Task Descriptions

2.1 Management

Note: See the table in Section 1.0 above for the features that apply to each service tier.

Console Maintenance: As part of ongoing application maintenance, Tripwire periodically releases patches addressing emergent issues affecting TE, and updates with product improvements. The Managed Services Lead will coordinate the timing of the implementation of patches and updates with the Client Lead. The TE implementation must be kept within one release of the current release.

Content Maintenance: Tripwire releases updates to FIM and policy content based on industry benchmark availability and the urgency of updates for a particular platform. The Managed Services Lead will work with the Client Lead to determine the applicability of available content to the client’s requirements.

Service Status Updates: On a frequency aligned with the service tier (monthly, weekly or twice weekly), a status report will be delivered to the Client Lead, the Tripwire Engagement Manager, and the Tripwire Service Manager. This report will contain a high-level overview of the daily and weekly activities completed. This report will also include any noteworthy issues encountered (with resolution, if any), event tickets created and status of change requests submitted by the client.

Service Plan Development: During a standard implementation, the Managed Services Lead and Tripwire Professional Services consultant will jointly develop a plan that outlines communication practices, escalation practices and any specialized requests from the client. At the Advanced Plus tier, clients receive a more in-depth, granular document that highlights detailed console configurations, history of changes, and joint operational procedures as they apply to change and configuration management (Operational Use Plan), which is updated on a quarterly basis.

Asset Onboarding: Additional monitored assets can be added during the ExpertOps Service term with a purchase order. The Managed Services Lead will review any new nodes that are added and, upon guidance from the Client Lead, classify the nodes for monitoring and reporting using the appropriate tagging within the TE console.

FIM (File Integrity Monitoring) Content Tuning: For clients at the Advanced and Advanced Plus tiers, the Managed Services Lead and the Client Lead will work together to identify potential candidate deviations to be tuned out as noise. In this context, noise is considered changes that do not provide meaningful information and should be excluded from monitoring.

Client Requests: Client configuration or informational requests will be made through Tripwire’s Customer Center. The number of requests included in ExpertOps Service varies by ExpertOps Service tier (from 6 per month to unlimited).

User Management: In order to support effective separation of duties within the client environment, Tripwire Enterprise offers full role-based access control. There are several built-in roles that can be assigned to individual users; additional custom roles can be constructed as well. Clients may request additional user access through the Tripwire Customer Center.

Custom App Monitoring Configuration: For clients at the Advanced and Advanced Plus tiers, Tripwire Enterprise can be configured to monitor custom applications. When a new application monitoring rule is necessary, the Client Lead will deliver an application monitoring questionnaire to the appropriate client subject matter expert. Application monitoring may include specific directories to be monitored or database queries to identify important changes. The maximum number of custom applications to be configured for monitoring varies by service tier. It is critical that accurate and detailed information be provided by application subject matter experts to ensure the effectiveness of monitoring. Tripwire is not responsible for the quality of client-defined monitoring requirements.

Dashboard and Reporting Maintenance: The standard implementation of TE includes a full complement of tailored reports, created and configured by the Managed Services Lead based on direction from the Client Lead. The Managed Services Lead will adjust the standard reports from time to time at the Client Lead’s request to keep pace with the client’s changing environment and monitoring needs.

Dashboard and Report Creation: For clients at the Advanced and Advanced Plus tiers, ExpertOps Service includes creating new reports and dashboards at the Client Lead’s request to keep pace with the client’s changing environment and monitoring needs.

2.2 Monitoring

Note: See the table in Section 1.0 above for the features that apply to each service tier.

Console Health Monitoring: As with any enterprise-class application, TE benefits from occasional maintenance activities and performance review. The Managed Services Lead will regularly review the operational metrics of the TE Console and make any adjustments or corrections considered necessary or advisable.

Report Distribution: As part of a standard implementation, TE is configured to deliver tailored reports on a regular basis. To ensure consistent distribution, the Managed Services Lead will review all scheduled report executions and verify that the reports have been run.

Event Handling: For Advanced and Advanced Plus clients, the Managed Services Lead will create tickets on behalf of the client based on client-determined high severity changes to client-determined critical monitored nodes or non-achievement of the client-determined compliance threshold detected by the ExpertOps Service. All tickets will be created in the Tripwire Customer Center and available for review by the Client Lead.

Task Completion: TE makes use of scheduled tasks to execute specific operations. To ensure consistent and accurate functionality, the Managed Services Lead will verify that the tasks began when expected, completed successfully, and did not run for an excessive amount of time.

Agent Health: The Managed Services Lead will verify that all monitored nodes are communicating with the TE Console on a daily basis (business days) and, for Advanced and Advanced Plus tiers, will verify that the monitored nodes are completing their scans as expected.

2.3 Business Process Integration

Note: See the table in Section 1.0 above for the features that apply to each service tier.

TW-Apps Management: For Advanced and Advanced Plus clients, the Managed Services Lead will review the operation of Tripwire integrations to ensure optimal function and efficiency. Problems will be escalated.

TW-Apps Licensing: The Advanced and Advanced Plus service tiers include a subscription license for the Dynamic Software Reconciliation app (DSR) during the ExpertOps term.

TW-Apps Upgrade: As part of ongoing application maintenance, Tripwire periodically releases patches addressing emergent issues affecting TW-Apps, and updates with product improvements. The Managed Services Lead will coordinate the timing of the implementation of DSR patches and updates with the Client Lead. The DSR implementation must be kept within one release of the current release.

Remediation Prioritization: For Advanced Plus clients, the Managed Services Lead and Program Coordinator will outline a practical approach to gap remediation, by identifying the areas of greatest impact to organizational risk and opportunities to efficiently improve overall compliance posture.

Change Reconciliation (Promotion): For Advanced Plus clients, the Managed Services Lead will promote unauthorized changes according to the schedule defined in the Operational Use Plan.

2.4 Regulatory

Note: See the table in Section 1.0 above for the features that apply to each service tier.

Policy Tuning and Guidance: For Advanced Plus clients, the Managed Services Lead will update or tune compliance policy tests as requested by the Client Lead. This may include changes to the test condition but does not include the development of new rule logic to harvest content from TE nodes or logic to parse or filter results.

Waiver Management: For Advanced Plus clients, the Managed Services Lead will create and update waivers as directed by the Client Lead or client escalation contact. This includes the inclusion of on-boarded nodes in applicable waivers as well adjustment to waiver expiration dates and/or comments.

Audit Assistance: For Advanced and Advanced Plus clients, the Managed Services Lead and Program Coordinator will review the immediately prior audit results with the Client Lead and will analyze results to assist the Client Lead to develop a plan to address findings applicable to Tripwire products. Where applicable, the plan will include adjustments to monitoring strategy, reporting strategy, changes to reconciliation processes, or changes to the ongoing remediation plan. The Client Lead will update reports and dashboards to enable the appropriate level of detail to be made available prior to the subsequent audit.

2.5 Management Consulting

Note: See the table in Section 1.0 above for the features that apply to each service tier.

Service Performance Reviews: The Program Coordinator will conduct a periodic review of the Tripwire environment to audit configurations, reporting, dashboards and integrations. This is to ensure that there is a continuous cycle of improvement and optimization in the managed Tripwire environment. The service review will also include an overview of all event tickets, change requests, and achievements towards SLA attainment. Reviews will be conducted annually, quarterly or bi-monthly, depending on the service tier.

CISO + Executive Review: For Advanced Plus clients, the Program Coordinator will provide a quarterly report to key client stakeholders that will include deployment health statistics as well as an overview of achievements towards the client’s objectives. This report will provide insight into the ongoing improvement and utility of the Tripwire environment. The executive review will occur on a quarterly basis.

Organizational Grading: For Advanced Plus clients, the Program Coordinator will help establish grading systems for each accountable department to provide visibility into groups that may need additional resources and attention. Operational grading will be provided on a quarterly basis and will be based on KPIs provided by the client.

Operational Use Plan Update : For Advanced Plus clients, the Program Coordinator will make recommendations for updates to the Operational Use Plan to allow the client to maximize the automation capabilities that TE can provide. This can range from security and event alerting practices to change management process integrations to audit prep activities. Guidance starts during the implementation process and extends during the ExpertOps Service term. Working closely with the client, the Program Coordinator will establish an Operational Use Plan that will provide a guide to the Managed Services Lead in the following areas:

  • Priority systems
  • Event ticket creation procedures
  • Promotion and waiver creation procedures and guidelines
  • Agreement on tuning rules and preferences for notification (change management practices)
  • Platform ownership
  • Integration ownership

Tripwire Prescriptive Policies and Content: For Advanced Plus clients, the Managed Services team will provide a framework for FIM and compliance content that produces a prescriptive prioritization for FIM and policy changes. This framework will be used along with client input to ensure that the most critical changes/risks are identified quickly. Content prioritization strategy will be documented in the Operational Use Plan.

2.6 Analysis and Problem Support

Note: See the table in Section 1.0 above for the features that apply to each service tier.

Defect Support: Problem resolution for the Essential service tier will be managed by the Tripwire Customer Center during business hours according to Tripwire’s then-current Support Policy. The Managed Services Lead will coordinate problem resolution for clients at the Advanced and Advanced Plus service tiers.

Reporting Analysis: For Advanced and Advanced Plus clients, the Managed Services Lead will review the observed FIM or policy compliance changes and look for unusual activity (e.g. significant spike in Change Rate report, unusual Frequently Changed Nodes entries, etc.). If any such activity is observed, the Managed Services Lead inform the Client Lead during the regular service review. Urgent changes will be handled according to event ticket creation practices for the client’s service tier where applicable.

Agent Health Analysis: For Advanced and Advanced Plus clients, the Managed Services Lead will analyze node health error conditions and provide tactical troubleshooting assistance to improve the completeness of monitoring results. Any identified errors or unexpected behavior will be investigated and remediated by the Managed Services Lead with the guidance and assistance of the Client Lead.

RCA/RFO Process: For Advanced and Advanced Plus clients, the Managed Services Lead will provide a root cause analysis for all service impacting events including those related to product defects or deficiencies.

3.0 Other ExpertOps Service Information

3.1 Professional Services

The ExpertOps Service fee includes Professional Services for a standard Tripwire Enterprise implementation. Professional Services may be provided remotely or on-site, and include:

  • Deploy and configure ExpertOps virtual appliance on client-identified proxy host
  • Set up ExpertOps multi-factor credentials
  • Tripwire Enterprise console and backend database set up and operational
  • Tripwire Enterprise nodes deployed and registered
  • ExpertOps SMTP host set up
  • ExpertOps Active Directory authentication enabled (optional)
  • Asset classification/grouping
  • Change audit implementation
  • Configuration assessment implementation
  • Reporting strategy defined; dashboards implemented
  • Automation workflow created
  • Tripwire roles and responsibilities overview
  • Hands-on knowledge transfer throughout the engagement
  • Dynamic Software Reconciliation configured (Advanced and Advanced Plus clients only)
  • Best practice monitoring recommendations and operational use plan developed (Advanced Plus clients only)

The ExpertOps Service fee does not include other Professional Services, which are available on a time and expense basis, and which must be ordered separately. Examples of Professional Services that are not included in the ExpertOps Service fee are:

  • Development of custom policies
  • Integration with third-party products

3.2 Data Center Location; Business Hours

The Tripwire Enterprise console and Customer Content are hosted on a data center in the United States, accessed by the Managed Services team located in the United States. The Managed Services team is available during business hours, 6:00am-5:00pm Pacific, Monday-Friday, excluding national holidays.

3.3 Certifications and Audit Reports

Copies of the current PCI-DSS Attestation of Compliance and the SOC 2 audit for ExpertOps Service are available on request under a non-disclosure agreement.