Tripwire State Analyzer

Automated "Why" Reporting for Security and Audit Efficiency

Get Safe and Compliant

Keeping your organization safe and compliant is challenging and complex. Security is more effective when you have documented baselines for a system’s configuration, usually in the form of a security policy. These policies specify recommended or required system configurations, including applications, ports, services, and security basics. But ask yourself: How can I validate that my systems are configured according to my security policy? Can I automate that process? Can I provide justification for my established policy? Can I easily manage my policy, especially as it applies to assets and groups of assets? This reconciliation process poses a significant challenge that often involves lots of time, resources, manual checks, cross-system comparisons, and approval processes.

The Solution: Tripwire State Analyzer

Fortra's Tripwire® State Analyzer works in tandem with Tripwire Enterprise and Tripwire IP360™ to offer an automated, flexible solution to this security challenge.

How Does Tripwire State Analyzer Help You?

With Tripwire State Analyzer, you manage your policies centrally and get reports on approval, as well as unauthorized system settings of multiple types. In addition, you can automatically include the justification for a given setting in the same report to speed up the auditing process.

Tripwire State Analyzer enables you to define a set of required or permitted system settings. When a system is examined, a comprehensive report of authorized and unauthorized settings is generated along with the justification information. This report enumerates the settings that are out of compliance, and can be configured to provide justification for why the change was allowed. This provides an automatic audit trail of changes and justifications, as well as unauthorized changes as they happen. Tripwire State Analyzer saves time and increases accuracy for both business and audit driven compliance policies.

With Tripwire State Analyzer you can:

  • Define records in centralized Allowlist configurations that contain approved configuration items
  • Automate the validation of detected system configurations against your Allowlist configurations
  • Generate detailed system configuration reports of authorized and unauthorized configurations
  • Integrate with FoxGuard to improve the process of validating software and patches

The solution supports the collection and reconciliation of the following configuration items:

  • Network Ports
  • Local Users
  • Local Groups
  • Services
  • Installed Software
  • Local Shares
  • Persistent Routes
Tripwire State Analyzer Workflow


PCI Requirements

Tripwire delivers continuous and unmatched PCI compliance by our unique integration of policy management, file integrity monitoring (FIM), vulnerability assessment and log intelligence. Tripwire State Analyzer specifically addresses PCI 3.2.1 Requirement 1.1.6, which relates to the documentation and business justification for use of all services, protocols, and allowed ports.

NERC CIP Requirements

The application also lends its power— alongside Tripwire Enterprise, Tripwire IP360 and Tripwire LogCenter®—to help you address the requirements contained in these NERC CIPv6 standards:

  • CIP-007 R1: Ports and Services — The app can monitor ports and services and compare current state against a tailored set of customer-specific approved port and services, alerting when monitoring detects a variance.
  • CIP-007 R2: Security Patch Management — The app can identify software versions and installed patches and compare current state against a tailored set of Patch Management customer-specific approved software versions and patches, alerting when there is a variance on specific BCAs.
  • CIP-010 R1: Configuration Change Management — The app can identify and authorize application software/ versions, custom sw, logical network accessible ports, and security patches.


CIS Controls

The Center for Internet Security’s CIS Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks.

Tripwire State Analyzer is a powerful tool to address the following:
  • Control 2: Inventory and Control of Software Assets
  • Control 4: Secure Configuration of Enterprise Assets and Software
  • Control 5: Account Management
  • Control 6: Access Control Management
  • Control 13: Network Monitoring and Defense
  • Control 16: Application Software Security


Save Time with Customized Detailed Reports

Tripwire State Analyzer increases automation and efficiency and can be customized for each unique enterprise, enabling you to save time and resources:

  • Automate the validation of detected system configurations
  • Generate detailed system configuration reports of authorized and unauthorized configurations
  • Increase audit preparation efficiency


high-level overviews of all assessment
Tripwire State Analyzer allows for quick, high-level overviews of all assessment data from multiple consoles in a single source, which can be viewed in greater detail— down to the per-node level



Window CIP-007 R2
Tripwire State Analyzer reports on authorized, unauthorized as well as unused settings, regardless of type


Schedule Your Demo Today

Let us take you through a demo of Tripwire State Analyzer and answer any of your questions.

Request a Demo