Tripwire State Analyzer Report Catalog

Tripwire® State Analyzer automates change alerts. It works in tandem with Tripwire Enterprise and Tripwire IP360™ to provide smart alerting and automation in critical security areas that are not manageable by traditional system state monitoring approaches. Originally developed for customers with high security requirements in the electric generation and transmission utilities industry, its high adoption rate now spans multiple industries that face similar monitoring challenges. Tripwire State Analyzer is scalable, flexible, and easy to maintain. This document highlights available reports.

Users and Passwords In the solution for local users, multiple aspects of user accounts are reported on. The solution has built-in options which allow for: » Addition of custom fields » Option of readable output, or CSV output » Alerting on password over allowed age limit » Alerting on passwords nearing allowed age limit

 

Evidence Reporting

Image
Evidence Reporting

Security Alerting 

Image
Security Alerting

 Systems with new unauthorized users or stale passwords have change indicators from green to red. This example shows a detailed report of just the exceptions that a System Administrator should attend to.

Support and Requirements

This solution is supported on:
  • Windows
  • RHEL

 

Ports

Reports are generated to support two use cases: evidence reporting and alerting for daily maintenance of compliance. Report generation is automated once the solution is fully implemented, and allows for scanning as often as is desired.

Evidence Reporting
Image
Evidence Reporting
 The solution has built-in options which allow for:
  • Ephemeral ports
  • Port ranges
  • TCP and UDP
  • Digest data from nmap or IP360
  • Matching ports to process
  • Addition of custom fields to reports

 

Support and Requirements

This solution is supported on:
  • Agent-based, internal scanning:
    • Windows
    • RHEL
    • AIX
    • Solaris
  • Agentless, external scanning for an IP device

 

Compliance Alerting
Image
Compliance Alerting

Services

Once the user has supplied information about normal or expected services on a system or class of systems, Tripwire will alert on new, unexpected ports. Report generation is automated once the solution is fully implemented, and allows for reporting as often as is desired 

Evidence Reporting
Image
Evidence Reporting
The solution has built-in options which allow for:
  • Specifying justification by individual servers or by server role
  • Custom fields

Support and Requirements

This solution is supported on:
  • Windows
  • RHEL
  • AIX
  • Solaris 

 

Compliance Alerting
Image
Compliance Alerting

 Platform Coverage and Requirements

All solution areas listed in the chart below are based on Tripwire Enterprise. All server platforms require Tripwire Enterprise v8.0 or later and a Tripwire Enterprise agent installed on the server.

Image
PLATFORM COVERAGE AND REQUIREMENTS