Tripwire Remote Operations Service Description

Overview

Today’s IT and InfoSec executives are challenged with an ever changing cybersecurity landscape. When combined with the proliferation of new sources of information every day, it can be increasing difficult to maintain and operate technology solutions that are designed protect the organization from risk. Many IT organizations are struggling to revise processes to establish governance practices but that takes time and strategic focus and can be difficult to achieve when juggling multiple priorities along with day to day administration duties.

Security experts are in high demand and as a result, organizations struggle to retain their top talent. Security analysts and engineers strive to be part of the strategic picture but are often sidelined with operational responsibilities that can be outsourced.

Tripwire understands these challenges and offers levels of remote operations services (“TRO Services”) that are compatible with your operational needs and process maturity. Services are delivered by certified experts that can respond to your complex requirements and ensure that critical tools are operating to mitigate your security risks.

Many managed services attempt to provide services with a pool of resources that do not have a sufficient level of understanding of how you intend to leverage cybersecurity information. With TRO Services you have a single primary point of contact along with a designated backup that will help you maintain operational documentation of any configuration changes or adjustments needed to Tripwire products to support new initiatives.

TRO Services help you succeed by doing what we do best – operate and manage Tripwire products. You can focus on improving your security posture and process maturity while we support those efforts by ensuring that information that highlights risk to your organization is available when and how you need it.

Tripwire Enterprise

1.1 Service Tiers for Tripwire Enterprise

Essential: Provides day-to-day maintenance of the TE console and managed nodes as a managed service for clients that need change management or compliance information. This is ideal for clients that are just getting started with change management or compliance practices. Clients receive information that helps them respond to change or compliance issues.

Advanced: In addition to the services provided at the Essential tier, the Advanced tier includes:

  • Tactical tuning assistance to ensure that the most important information is highlighted for action,
  • Customized reporting and dashboards, with a more detailed analysis of results,
  • Dedicated problem resolution support, and

Advanced Plus: Services at the Advanced Plus tier are more tightly integrated with the client’s change and compliance practices. In addition to the services provided at the Advanced tier, the Advanced Plus tier includes:

  • The development of an operational use plan with best practice recommendations, 
  • Assisting with reconciliation of change and prioritization of remediation activities, and
  • An assigned program coordinator to help the client prioritize work activities.

The specific Services included in each tier are shown below:


Features

Essential

Advanced

Advanced Plus

Management

Console Maintenance

Included

Included

Included

Content Maintenance

Included

Included

Included

Service Status Updates

Monthly meetings

Weekly meetings

Semi-weekly meetings

Service Plan Development

Included

Included

Included

Asset Onboarding

Included

Included

Included

FIM Content Tuning

 

Included

Included

Client Requests

6/month

12/month

Unlimited

User Management

Included

Included

Included

Custom App Monitoring Configuration

 

Up to 4

Unlimited

Dashboard and Reporting Maintenance

Included

Included

Included

Dashboard and Report Creation

 

Included

Included

Monitoring

Console Health Monitoring

Included

Included

Included

Report Distribution

Included

Included

Included

Event Handling

 

Included

Included

Task Completion

Included

Included

Included

Agent Health

Reporting only

Included

Included

Business Process Integration

TW Apps Management

 

Included

Included

TW Apps Licensing

 

DSR

DSR

TW Apps Upgrade

 

DSR

DSR

Remediation Prioritization

 

 

Included

Change Reconciliation (Promotion)

 

 

Included

Regulatory

Policy Tuning and Guidance

 

 

Included

Waiver Management

 

 

Included

Audit Assistance

 

Included

Included

Management Consulting

Service Performance Reviews

Yearly

Quarterly

Bi-monthly

Program Coordinator (Project Executive)

 

 

Included

CISO + Executive Review

 

 

Included

Organizational Grading

 

 

Included

Operational Use Plan Update

 

 

Included

Tripwire Prescriptive Policies and Content

 

 

Included

Analysis and Problem Support

Defect Support

Tripwire Customer Center

Managed Services Lead

Managed Services Lead + escalation priority

Reporting Analysis

 

Included

Included

Agent Health Analysis

 

Included

Included

RCA/RFO Process

 

Included

Included

Product Deployments

Policies Included

FIM and 1 policy

FIM + two policies (standard policies only)

Unlimited + support of custom policies.

Real Time Functionality

 

Included

Included

Custom Policies

 

 

Included

Custom App Monitoring

 

4 Applications

Unlimited

Named Users

2

4

6


Roles

Client Lead - Primary point of contact at the client for the Managed Services Lead; provides guidance to the Managed Services Lead on asset configuration, classification and priorities, and compliance policies to be monitored; receives status reports and updates from the Managed Services Lead.

Tripwire Managed Services Lead –Primary administrator of the TRO Service for the client; responsible for regular operational and maintenance activities.

Tripwire Engagement Manager - Primary point of escalation within Tripwire; responsible for the client’s TRO account; works with the Managed Services Lead and Service Manager to ensure successful execution of all standard activities.

Tripwire Service Manager - Responsible for the management and delivery of all TRO Services accounts; works with the Engagement Manager and the Client Lead to establish strategic goals for client and Tripwire.

Tripwire Program Coordinator – For Advanced Plus clients, a project executive is assigned to provide overall leadership with respect to service delivery to the client, including prioritizing work efforts, managing critical escalations, acting as a liaison to Tripwire cross-functional organizations, and presenting the results of service delivery to client stakeholders.

1.2 Tripwire Enterprise Service Task Descriptions

1.2.1 Management

Note: See the table in Section 1.1 above for the features that apply to each service tier.

Console Maintenance: As part of ongoing application maintenance, Tripwire periodically releases patches that address emergent issues affecting TE. Tripwire generally recommends that all clients’ TE components remain current with official patches, and the Managed Services Lead will work with Client Lead to review the impact and criticality of any available patches. Major releases generally include significant functionality and are recommended to be applied promptly.

Content Maintenance: Tripwire releases updates to FIM and policy content based on industry benchmark availability and the urgency of updates for a particular platform. The Managed Services Lead will work with the Client Lead to determine the applicability of available content to the client’s requirements. 

Service Status Updates: On a frequency aligned with the service tier (monthly, weekly or twice weekly), a status report will be delivered to the Client Lead, the Tripwire Engagement Manager, and the Tripwire Service Manager. This report will contain a high-level overview of the daily and weekly activities completed. This report will also include any noteworthy issues encountered (with resolution, if any), event tickets created and status of change requests submitted by the client.

Service Plan Development: During a standard implementation, the Managed Services Lead and Tripwire Professional Services consultant will jointly develop a plan that outlines communication practices, escalation practices and any specialized requests from the client. At the Advanced Plus tier, clients receive a more in-depth, granular document that highlights detailed console configurations, history of changes, and joint operational procedures as they apply to change and configuration management (Operational Use Plan), which is updated on a quarterly basis.  (See Section 1.2.5: Operational Use Plan)

Asset Onboarding: It is common for clients to add new assets to their monitoring scope throughout their TRO Services engagement. The Managed Services Lead will review any new node(s) that are found and upon guidance from the Client Lead, classify the node(s) for monitoring and reporting using the appropriate tagging within the TE console.

FIM (File Integrity Monitoring) Content Tuning: For clients at the Advanced and Advanced Plus tiers, the Managed Services Lead and the Client Lead will work together to identify potential candidate deviations to be tuned out as noise. In this context, noise is considered changes that do not provide meaningful information and should be excluded from monitoring.

Client Requests: Client configuration or informational requests will be made through Tripwire’s Customer Center. The number of requests included in TRO Service varies by TRO Service tier (from 6 per month to unlimited).

User Management: In order to support effective separation of duties within the client environment, Tripwire Enterprise offers full role-based access control.  There are several built-in roles that can be assigned to individual users; additional custom roles can be constructed as well. Clients may request additional user access through the Tripwire Customer Center.

Custom App Monitoring Configuration: For clients at the Advanced and Advanced Plus tiers, Tripwire Enterprise can be configured to monitor custom applications. When a new application monitoring rule is necessary, the Client Lead will deliver an application monitoring questionnaire to the appropriate client subject matter expert. Application monitoring may include specific directories to be monitored or database queries to identify important changes. The maximum number of custom applications to be configured for monitoring varies by service tier. It is critical that accurate and detailed information be provided by application subject matter experts to ensure the effectiveness of monitoring. Tripwire is not responsible for the quality of client-defined monitoring requirements.

Dashboard and Reporting Maintenance: The standard implementation of TE includes a full complement of tailored reports, created and configured by the Managed Services Lead based on direction from the Client Lead.  The Managed Services Lead will adjust the standard reports from time to time at the Client Lead’s request to keep pace with the client’s changing environment and monitoring needs.

Dashboard and Report Creation: For clients at the Advanced and Advanced Plus tiers, TRO Service includes creating new reports and dashboards at the Client Lead’s request to keep pace with the client’s changing environment and monitoring needs.

1.2.2 Monitoring

Note: See the table in Section 1.1 above for the features that apply to each service tier.

Console Health Monitoring: As with any enterprise-class application, TE benefits from occasional maintenance activities and performance review.  The Managed Services Lead will regularly review the operational metrics of the TE Console and make any adjustments or corrections considered necessary or advisable.

Report Distribution: As part of a standard implementation, TE is configured to deliver tailored reports on a regular basis. To ensure consistent distribution, the Managed Services Lead will review all scheduled report executions and verify that the reports have been run.

Event Handling: For Advanced and Advanced Plus clients, the Managed Services Lead will create tickets on behalf of the client based on client-determined high severity changes to client-determined critical monitored nodes or non-achievement of the client-determined compliance threshold detected by the TRO Service. All tickets will be created in the Tripwire Customer Center and available for review by the Client Lead.

Task Completion: TE makes use of scheduled tasks to execute specific operations. To ensure consistent and accurate functionality, the Managed Services Lead will verify that the tasks began when expected, completed successfully, and did not run for an excessive amount of time.

Agent Health: The Managed Services Lead will verify that all monitored nodes are communicating with the TE Console on a daily basis (business days) and, for Advanced and Advanced Plus tiers, will verify that the monitored nodes are completing their scans as expected.

1.2.3 Business Process Integration

Note: See the table in Section 1.1 above for the features that apply to each service tier.

TW-Apps Management: For Advanced and Advanced Plus clients, the Managed Services Lead will review the operation of Tripwire integrations to ensure optimal function and efficiency. Problems will be escalated.

TW-Apps Licensing: The Advanced and Advanced Plus service tiers include a subscription license for the Dynamic Software Reconciliation app (DSR) during the TRO term.

TW-Apps Upgrade: As part of ongoing application maintenance, Tripwire periodically releases patches addressing emergent issues affecting TW-Apps, and updates with product improvements. The Managed Services Lead will coordinate the timing of the implementation of DSR patches and updates with the Client Lead. The DSR implementation must be kept within one release of the current release.

Remediation Prioritization: For Advanced Plus clients, the Managed Services Lead and Program Coordinator will outline a practical approach to gap remediation, by identifying the areas of greatest impact to organizational risk and opportunities to efficiently improve overall compliance posture.

Change Reconciliation (Promotion):  For Advanced Plus clients, the Managed Services Lead will promote unauthorized changes according to the schedule defined in the Operational Use Plan.

1.2.4 Regulatory

Note: See the table in Section 1.1 above for the features that apply to each service tier.

Policy Tuning and Guidance: For Advanced Plus clients, the Managed Services Lead will update or tune compliance policy tests as requested by the Client Lead. This may include changes to the test condition but does not include the development of new rule logic to harvest content from TE nodes or logic to parse or filter results.

Waiver Management: For Advanced Plus clients, the Managed Services Lead will create and update waivers as directed by the Client Lead or client escalation contact. This includes the inclusion of on-boarded nodes in applicable waivers as well adjustment to waiver expiration dates and/or comments.

Audit Assistance: For Advanced and Advanced Plus clients, the Managed Services Lead and Program Coordinator will review the immediately prior audit results with the Client Lead and will analyze results to assist the Client Lead to develop a plan to address findings applicable to Tripwire products. Where applicable, the plan will include adjustments to monitoring strategy, reporting strategy, changes to reconciliation processes, or changes to the ongoing remediation plan. The Client Lead will update reports and dashboards to enable the appropriate level of detail to be made available prior to the subsequent audit.

1.2.5 Management Consulting

Note: See the table in Section 1.1 above for the features that apply to each service tier.

Service Performance Reviews: The Program Coordinator will conduct a periodic review of the Tripwire environment to audit configurations, reporting, dashboards and integrations. This is to ensure that there is a continuous cycle of improvement and optimization in the managed Tripwire environment.  The service review will also include an overview of all event tickets, change requests, and achievements towards SLA attainment. Reviews will be conducted annually, quarterly or bi-monthly, depending on the service tier.

CISO + Executive Review: For Advanced Plus clients, the Program Coordinator will provide a quarterly report to key client stakeholders that will include deployment health statistics as well as an overview of achievements towards the client’s objectives. This report will provide insight into the ongoing improvement and utility of the Tripwire environment. The executive review will occur on a quarterly basis.

Organizational Grading: For Advanced Plus clients, the Program Coordinator will help establish grading systems for each accountable department to provide visibility into groups that may need additional resources and attention. Operational grading will be provided on a quarterly basis and will be based on KPIs provided by the client.

Operational Use Plan Update: For Advanced Plus clients, the Program Coordinator will make recommendations for updates to the Operational Use Plan to allow the client to maximize the automation capabilities that TE can provide. This can range from security and event alerting practices to change management process integrations to audit prep activities. Guidance starts during the implementation process and extends during the TRO Service term. Working closely with the client, the Program Coordinator will establish an Operational Use Plan that will provide a guide to the Managed Services Lead in the following areas:

  • Priority systems
  • Event ticket creation procedures
  • Promotion and waiver creation procedures and guidelines
  • Agreement on tuning rules and preferences for notification (change management practices)
  • Platform ownership
  • Integration ownership

Tripwire Prescriptive Policies and Content: For Advanced Plus clients, the Managed Services team will provide a framework for FIM and compliance content that produces a prescriptive prioritization for FIM and policy changes. This framework will be used along with client input to ensure that the most critical changes/risks are identified quickly. Content prioritization strategy will be documented in the Operational Use Plan.

1.2.6 Analysis and Problem Support

Note: See the table in Section 1.1 above for the features that apply to each service tier.

Defect Support: Problem resolution for the Essential service tier will be managed by the Tripwire Customer Center during business hours according to Tripwire’s then-current Support Policy.  The Managed Services Lead will coordinate problem resolution for clients at the Advanced and Advanced Plus service tiers.

Reporting Analysis:  For Advanced and Advanced Plus clients, the Managed Services Lead will review the observed FIM or policy compliance changes and look for unusual activity (e.g. significant spike in Change Rate report, unusual Frequently Changed Nodes entries, etc.).  If any such activity is observed, the Managed Services Lead inform the Client Lead during the regular service review. Urgent changes will be handled according to event ticket creation practices for the client’s service tier where applicable.

Agent Health Analysis: For Advanced and Advanced Plus clients, the Managed Services Lead will analyze node health error conditions and provide tactical troubleshooting assistance to improve the completeness of monitoring results. Any identified errors or unexpected behavior will be investigated and remediated by the Managed Services Lead with the guidance and assistance of the Client Lead.

RCA/RFO Process: For Advanced and Advanced Plus clients, the Managed Services Lead will provide a root cause analysis for all service impacting events including those related to product defects or deficiencies.

2.0 Tripwire IP360 Service Task Descriptions

2.1 Management 

VnE Maintenance: As part of ongoing application maintenance, Tripwire periodically releases patches that address emergent issues affecting IP360 and SIH. Tripwire generally recommends that all clients’ IP360/SIH components remain current with official patches, and the Managed Services Lead will work with Client Lead to review the impact and criticality of any available patches. Major releases generally include significant functionality and are recommended to be applied based on utility and readiness of code for Tripwire Managed Services clients.

ASPL Content Maintenance: Tripwire provides ASPL updates on a weekly basis. The Managed Services Lead will ensure that updates are applied properly and that important changes are identified to the client. In addition, the Managed Services lead will re-enable scans that were cancelled as a result of the updates.

Backup Maintenance:  As with most enterprise systems, the VnE database must be backed up on a regular basis to ensure recovery from an unexpected problem. The Managed Services Lead will confirm the successful backup and subsequent remote push of the database. Optionally, Managed Services can work with the Client Lead to perform a test database restore.

Service Status Updates: A weekly status report will be delivered to the Client Lead, the Tripwire Engagement Manager, and the Tripwire Service Manager. This report will contain a high-level overview of the Daily and Weekly Activities completed. This report will also include any noteworthy issues encountered (with resolution, if any), event tickets created and status of change requests.

Service Plan Development: During a standard implementation, the Managed Services Lead and Tripwire consultant will jointly develop a plan that outlines communication practices, escalation practices and any specialized requests from the client.

Scan Tuning: The Managed Services Lead and the Client Lead will work together to identify changes to scan configurations that will enhance scan performance, consistency or accuracy. This might include changes to scan profiles, networks, and device profiler configurations.

Update Global Exclusions: Tripwire IP360 has the capability to exclude certain hosts from scanning. The Managed Services Lead will update this list on a monthly basis or on request if an abnormal interaction occurs.

Scan Accuracy Review: Tripwire IP360 has the broadest coverage in the industry and in some situations, there may be conditions where the accuracy of a vulnerability check is at question. In these situations, the Managed Services Lead will work closely with the end-user to confirm and/or explain the discrepancy.

Client Requests: Client configuration or informational requests will be made through Tripwire’s Customer Center.

User Management: In order to support effective separation of duties within the client environment, Tripwire IP360/SIH offers full role-based access control. The Managed Services Lead will add new users, update existing users, and configure permissions as needed.

Custom Rule Construction: The standard implementation of Tripwire IP360 includes a comprehensive set of operating system, application, and vulnerability rules.  However, from time to time additional rules will need to be created to keep pace with the client’s changing environment and monitoring needs. (Maximum 2 rules/quarter)Dashboard and Reporting Maintenance: The standard implementation of SIH includes a full complement of tailored reports, created and configured by the Managed Services Lead. However, from time to time reports will need to be adjusted to keep pace with the client’s changing environment and monitoring needs.

Dashboard & Report creation: The standard implementation of SIH includes a full complement of tailored reports, created and configured by the Managed Services Lead. However, from time to time new saved reports will need to be created to keep pace with the client’s changing environment and monitoring needs.

2.2 Monitoring

VnE Health Monitoring: As with any enterprise-class application, Tripwire IP360/SIH benefits from occasional maintenance activities and performance review.  The Managed Services Lead will therefore regularly review will regularly ensure that all systems are online and functional. Checking, resolving and closing trouble states related to VnE, Device Profiler and SIH. In addition, a quarterly review of daemon logs will be performed to identify potential problems and make recommendations.

Scan Completion: Tripwire IP360 can be configured to scan based on highly configurable scan windows.  To ensure consistent and accurate functionality, the Managed Services Lead will verify that the tasks began when expected, completed or suspended successfully, and did not run for an unexpected amount of time. Scan failures will be investigated and remediated.

Report Distribution: As part of a standard implementation, SIH can be configured to deliver tailored reports on a regular basis. To ensure consistent distribution, the Managed Services Lead will review all scheduled report executions and verify successful completion.

Data Synchronization: The Managed Services Lead will ensure that data is synchronizing between the IP360 VnE and SIH. Loading processes will be adjusted for optimal flow of data.

Alerting: Tripwire IP360 has the capability to alert on various host, score, and scan conditions. The Managed Services Lead will review these alerts and adjust thresholds and configurations based on client feedback.

Authenticated Scans: Tripwire IP360 provides remote or scanning without credentials as an option but for optimal visibility of the client’s IT environment, authenticated scanning is recommended. The Managed Services Lead will surface discrepancies in scanning with credentials to ensure awareness.

2.3 Business Process Integration

Integration Review: Tripwire IP360 provides valuable data to clients’ organizations. Often this data is utilized in a network of integrated systems or IP360 may even be dependent on data provided by corollary systems. The Managed Services Lead will review integrations to determine how Tripwire can more effectively distribute data as well as leverage external data.

2.4 Regulatory

Audit Assistance: The Managed Services Lead will review the immediately prior audit results with the Client Lead and will analyze results to come up with a plan to address findings applicable to Tripwire products. Where applicable, the plan will include adjustments to monitoring strategy, reporting strategy, changes to reconciliation processes, or changes to the ongoing remediation plan. Reports and dashboards will be updated to insure that the appropriate level of detail is available prior to the subsequent audit.

2.5 Management Consulting

Service Performance Reviews: The Program Coordinator will conduct a periodic review of the Tripwire environment to audit configurations, reporting, dashboards and integrations. This is to ensure that there is a continuous cycle of improvement and optimization in the managed Tripwire environment. The service review will also include an overview of all event tickets, change requests, and achievements towards SLA attainment.

2.6 Analysis and Problem Support

Remediation Analysis:  To ensure the success of our clients’ vulnerability management programs, the Managed Services Lead will run quarterly differential reports in SIH to review the reduction or increase of vulnerability scores in each network.

Defect Support: Problem resolution and documentation is handled by the Managed Services Lead.

RCA/RFO Process: The Managed Services Lead will provide a detailed root cause analysis for all service impacting events including those related to product defects or deficiencies.

3.0 Tripwire TLC Service Task Descriptions

3.1 Management

Console Maintenance: As part of ongoing application maintenance, Tripwire periodically releases patches that address emergent issues affecting Tripwire Log Center (TLC).  Tripwire generally recommends that all clients remain current with official patches, and the Managed Services Lead will work with the Client Lead to determine the impact and criticality of any available patches. If the Client Lead makes the decision to upgrade, the Managed Services Lead will perform the upgrade and assist with any migration and training issues.

Content Maintenance: Tripwire releases updates to TLC normalization and correlation content based on requests from clients and important emerging devices. The Managed Services Lead will work closely with the Client Lead to determine the applicability of available content to the client’s requirements.

Service Status Updates: A weekly status report will be delivered to the Client Lead, the Tripwire Engagement Manager, and the Tripwire Service Manager. This report will contain a high-level overview of the daily and weekly activities completed. This report will also include any noteworthy issues encountered (with resolution, if any), event tickets created and status of change requests.

Service Plan Development: During a standard implementation, the Managed Services Lead and Tripwire consultant will jointly develop a plan that outlines communication practices, escalation practices and any specialized requests from the client.

Asset Onboarding: It is common for clients to add new assets to their monitoring scope throughout their Managed Services engagement. The Managed Services Lead will review any new node(s) that are found and upon guidance from the Client Lead, classify the assets(s) for monitoring and reporting. For new asset types this may require the creation of normalization rules, in which case sample log data will be provided by the Client Lead.

Correlation Rule and Alert Construction: The standard implementation of TLC includes an updated set of correlation rules, configured and enabled during a standard implementation.  However, from time to time additional rules will need to be created or enabled to keep pace with the client’s changing environment and monitoring needs.

Correlation Rule and Alert Tuning: The Managed Services Lead and the Client Lead will work together to identify potential events to be tuned out as noise.  In this context, noise is considered to be events that do not provide meaningful information and should be excluded from monitoring.  In addition, there may be events of interest that are not being monitored at all, but should be; in this case, the rules can be adjusted to include these additional events. Any associated event alerts may be adjusted as needed to ensure the proper notifications.

Client Requests: Client configuration or informational requests will be made through Tripwire’s Customer Center. Requests will be handled according to the appropriate SLA for the client’s service tier.

User Management: In order to support effective separation of duties within the client environment, Tripwire TLC offers full role-based access control.  There are several built-in roles that can be assigned to individual users, and additional custom roles can be constructed as well. Requests for additional user access may be made through the Tripwire Customer Center.

Dashboard and Reporting Maintenance: The standard implementation of TLC includes a full complement of tailored reports, created and configured by the Managed Services Lead. However, from time to time reports will need to be adjusted to keep pace with the client’s changing environment and monitoring needs.

Dashboard & Report creation: The standard implementation of TLC includes a full complement of tailored reports, created and configured by the Managed Services Lead. However, from time to time new reports will need to be created to keep pace with the client’s changing environment and monitoring needs.

3.2 Monitoring

Manager Resource Utilization: To ensure the continued health of TLC, the Managed Services Lead will verify that hardware and application resource utilization is within norms.  Any unexpected deviation will be investigated, and if needed, the proper personnel alerted.

Review Database and Manager Health: TLC stores events of interest both in their raw form on disk connected to the manager(s), and also in normalized form in a database. Both of these data stores on a periodic basis will need review to validate that the space allocated for both is sufficient to sustain the current growth rate and are tuned for optimum performance. The Managed Services Lead will conduct a quarterly review of the scope and performance of the audit logger and any event databases.

Report Distribution: As part of a standard implementation, TLC is configured to deliver tailored reports on a regular basis. To ensure consistent distribution, the Managed Services Lead will review all scheduled report executions and verify successful completion.

Asset Health: The Managed Services Lead will regularly verify that all assets are communicating with the TLC console as expected.  Any errors or otherwise unexpected behavior will be investigated and remediated.

Event Processing: The Managed Services Lead will verify that correlated events are being processed as expected, alerts are generated, and that EPS rates are within norms.  In addition, the Managed Services Lead will verify that old event data is archived as indicated by SIEM data retention requirements.

3.3 Business Process Integration

Tripwire Integrations: The Managed Services Lead will review the operation of Tripwire integrations to ensure optimal function and efficiency. Problems will be escalated.

3.4 Regulatory

Audit Assistance: The Managed Services Lead will provide assistance in gathering evidence required by auditors.

3.5 Management Consulting

Service Performance Reviews: The Program Coordinator will conduct a periodic review of the Tripwire environment to audit configurations, reporting, dashboards and integrations. This is to ensure that there is a continuous cycle of improvement and optimization in the managed Tripwire environment. The service review will also include an overview of all event tickets, change requests, and achievements towards SLA attainment.

3.6 Analysis and Problem Support

Defect Support: Problem resolution for TLC will be managed by the Managed Services Lead in accordance with Tripwire’s then-current Support Policy.

Asset Health Analysis: The Managed Services Lead will analyze asset health error conditions and provide tactical troubleshooting assistance to improve the completeness of log gathering and correlation. Any errors or otherwise unexpected behavior will be investigated and remediated with the assistance of the Client Lead.

RCA/RFO Process: The Managed Services Lead will provide a detailed root cause analysis for all service impacting events including those related to product defects or deficiencies.