Tripwire’s industry-leading security solutions give you visibility into your security data in ways that help you understand and improve your state of security and meet compliance demands. Tripwire Enterprise provides system change, configuration and compliance information, while Tripwire LogCenter™ provides log and security event information.
To further expand your visibility into your organization’s security and compliance status, Tripwire offers mature, refined integration frameworks. With them, you can combine Tripwire Enterprise’s rich change, configuration and compliance information with data from additional security solutions, like SIEMs, change management (CM) systems, change management databases (CMDBs), and governance, risk and compliance (GRC) systems.
Change Management (CM) Integrations
Change management (CM) systems help verify that changes made to a system were authorized and performed properly. The integration enables Tripwire Enterprise to query a CM system like Remedy, ServiceNow or CA Service Desk to verify that the changes it detected were properly planned for and authorized: that the right changes were made to the right system, at the right time, and by the right person.
Additionally, unexpected changes found by Tripwire Enterprise generate incident tickets in the CM system to notify the proper channels of a change management process violation or possible security event. This happens, for example, when Tripwire Enterprise detects a system change that has no ticket in the CM system or finds that more changes were made than the ticket authorized.
You can also use the integration framework to add information from the CM system to Tripwire Enterprise. Tripwire Enterprise can then use automation to distinguish between authorized and unauthorized changes, automatically promoting approved changes and flagging unauthorized changes for further investigation.
Change Management integrations include:
Organizations often depend on change management databases (CMDBs) as the “single source of truth” for the inventory of the systems an organization has in its infrastructure, the applications present on them, system and application owners and other associated details. While CMDBs may launch with accurate information, over time the information drifts or becomes stale, and system administrators often can’t definitively state what systems they have, who owns them, what’s on them, or even what data center they’re in. Tripwire Enterprise’s integration with CMDBs works in both directions: it feeds change and configuration data from Tripwire Enterprise to CMDBs such as ServiceNow and accepts data from them.
With an inaccurate CMDB, a system administrator would be hard-pressed to quickly list the applications installed on a system or the systems on which a particular application is installed. Tripwire Enterprise automatically harvests a list of every application installed on a system along with detailed system configuration information. By feeding that data into a CMDB, you could quickly produce an applications list for a system and ensure that your CMDB contains the most current information about the systems in your environment.
CMDBs typically organize and categorize assets using a structure that reflects how the business operates. The integration also lets you feed this type of CMDB information into Tripwire Enterprise and use it in the solution to automatically assign asset tags, node groupings and naming schemes. As a result, Tripwire Enterprise home pages, reports and alerts consistently represent your assets from that business perspective. Plus, when you bring new systems online, retire older systems, or update applications in the CMDB, Tripwire Enterprise reflects those changes. This helps identify situations that warrant investigation—for example, when Tripwire Enterprise detects that a retired system that should be offline is actually still recording changes.
Change Management Database integrations include:
✓ and more
As security teams gradually optimize their security workflows and move from manual to automated processes, integrating IT service management (ITSM) with security tools such as Tripwire Enterprise is a natural next step. Read our ITSM Integration Datasheet to learn more.
ITSM integrations include:
By design, SIEMs focus on event capture and correlation. Once an incident impacts files at the system level, however, SIEMs lose much of their visibility. Tripwire Enterprise’s integration with SIEMs lets you improve your incident detection abilities by adding valuable system configuration, change, user and business context data from Tripwire Enterprise to Tripwire LogCenter, ArcSight, RSA Envision—or almost any other SIEM.
Combining these types of data constructs a more complete picture of what’s happening, or what happened—in the case of forensics investigations—at the network and system level. For example, you could use the framework to help detect when critical files on a high value asset have changed and determine if those files were changed by an account that was supposedly disabled or if the change was made outside of normal business hours. It can also tell you if file changes degraded compliance or security scores.
SIEM integrations include:
Threat Intelligence Integrations
Threat intelligence programs need to connect their inbound sources directly to the monitoring systems that are already in place. Tripwire has made this connection a reality, helping to address the key question that arises when a new indicator of compromise (IoC) comes in: “Do I have any of that on my network?”
Threat Intelligence integrations include:
Tripwire Enterprise’s integration with governance, risk and compliance (GRC) tools lets you extract high-level information from Tripwire Enterprise and feed it into GRC tools like Archer and Agiliance. That lets you keep track of important trends in security and compliance, such as whether the organization is experiencing an increase in unauthorized changes, is failing more compliance tests, or has worse or better compliance scores in some regions compared to others.
Tripwire Enterprise can work with any software or device that has an API or web interface. Its powerful API command set can be leveraged in your business-as-usual workflows to check for changes, manage promotion, and extract data to use with your other tools.
Tripwire’s Professional Services Ensure Success
Tripwire delivers all the integrations through a professional services engagement. You can count on Tripwire’s experienced consultants to assess your needs, effectively implement the appropriate framework, and help you gain a more complete picture of your organization’s IT security and compliance status.