Correlating changes with change requests—and distinguishing authorized and intended changes from unauthorized and unintended ones—doesn’t need to be a full-time job. The Tripwire® Enterprise Integration Plug-in for Remedy AR System combines authorized change information managed by the Remedy AR System with Tripwire’s robust change auditing capabilities. This powerful combination enables organizations to validate authorized change and immediately determine if the change management process has been circumvented. As a result, organizations increase accountability and control over changes that can affect regulatory compliance, availability, and security.
a. Tripwire records intended changes and the change report is attached to a Remedy Change Request ticket.
b. Actual changes are made to—and detected on—the production server. Tripwire maps authorized Remedy tickets to actual changes and approves the intended changes within Tripwire.
c. New Tripwire integrity check reveals unintended changes, and the report is attached to a new Remedy incident ticket.
When Tripwire Enterprise detects a matching change request in Remedy AR System, Tripwire approves expected changes and attaches a report detailing all captured changes.
When the Remedy ticket is later opened, the Tripwire information is available for analysis.
How the Integration Works
- Tripwire Enterprise creates a report of all file system changes detected on a selected server
- Tripwire uses Remedy AR System formatted search commands to identify if any open change requests for that server exist
- If an open change request exists, the expected change information attached to the ticket is used to approve changes, and the server’s baseline is updated automatically—or the user may manually execute those functions in Tripwire through the Remedy AR system
- If no open requests exist, changes are considered unauthorized, at which point Tripwire Enterprise creates an incident ticket detailing the change for further investigation and/or escalation