What is Tripwire Custom Workflow Automation?
Tripwire Custom Workflow Automation (TWCA) is a solution that lets our customers and consultants create unique workflows that use all their existing solutions and Tripwire products, without requiring extensive programming experience. TWCA’s functionality can be expanded with ‘plugins’, which can be created by savvy customers or Tripwire consultants. It’s this functionality that makes the Tripwire Workflow Automation so powerful and flexible. If there is a need for some functionality that isn’t already available, a public interface is provided that anyone can use to add additional workflow steps.

TWCA has several notable characteristics. First, it is XML-based, making it easy to read. It is also modular in design, allowing for easy expansion, as well as feature-rich out of the box. Lastly, it provides a Public Module Interface, allowing customers to create their own modules.

The choice of “Custom” in the name is not by accident. Customers can create their own workflows using common programming mechanisms (conditionals, looping, I/O, locating, scripting, and utility), as in this example workflow:

    <workflow name="PAM">
      <!-- Retrieve the PAM nodes into ${pamNodes} -->
      <retrievePamNodes configuration="pam" output="pamNodes" />
      <!-- Process each retrieved node in turn -->
      <for list="${pamNodes}" item="node" condition="exists" continueOnError="false">
        <logMessage severity="info" source="TE">Processing Asset - ${node}</logMessage>
        <checkoutNode configuration="pam" input="${node}" />
        <!-- Continue only if ${ERROR_MSG} does not exist after the checkout -->
        <if condition="exists" value1="${ERROR_MSG}" negate="true">
          <runTECheck configuration="pam" input="${node}" />
          <retrieveContent configuration="pam" input="${node}" />
          <checkinNode configuration="pam" input="${node}" />
        </if>
        <else>
          <logMessage level="error" source="TE">
            An error occurred while processing node (${node}): ${ERROR_MSG}
          </logMessage>
        </else>
      </for>
    </workflow>

What can TWCA do?
Utilizing TWCA’s ability to run scripts, customers are able to connect to virtually any platform that provides API access. The data retrieved by the API call can then be stored in Tripwire Enterprise (TE) and tracked for change. The very first use case of this process was to analyze data collected from Red Hat OpenShift to monitor the configuration of Kubernetes containers for a major financial customer. It worked so well that they then engaged Tripwire to analyze rule objects and categorize them as financial or non-financial, based on an XML feed from their ITSM.

Another customer use case was to verify that any detected change to /etc/passwd was only performed by their password vault application. This workflow queried the customer’s SIEM for events from the password vault and correlated that data with the change detected in Tripwire Enterprise. Any change that could not be correlated to a record in the SIEM was left unpromoted, resulting in an incident being created in their ITSM when TEIF was run later that evening.

TWCA has also helped customers working with cloud-based DevOps platforms. A workflow was developed to query Azure DevOps for release activity for servers with detected changes. Those changes were then correlated to an artifact in Artifactory; a manifest of the artifact was retrieved and used to promote the detected changes by element name and hash.

It’s not just Tripwire Enterprise that can benefit. TWCA has been used to compare the discovered assets in Tripwire IP360 to Archer and then store the differences in Tripwire Enterprise. With that kind of data, the customer was able to see where there were gaps in their inventory discovery and tracking process. They were even discussing using TWCA to take the data gleaned in the “1st” phase and fill in the gaps in Archer.

Do you have a workflow that you would like to automate? Tripwire Professional Services is ready to assist.
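
The password vault use case above comes down to a correlation step, shown here as an added Python example that is not Tripwire's or the customer's code. The field names, the five-minute window, the one-event-per-change rule and the sample records are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: how long after a vault action the change may be observed.
WINDOW = timedelta(minutes=5)

# Constructed sample: changes to /etc/passwd detected on three nodes.
DETECTED_CHANGES = [
    {"node": "db01", "element": "/etc/passwd", "time": "2024-03-01T02:00:40"},
    {"node": "web02", "element": "/etc/passwd", "time": "2024-03-01T03:15:10"},
    {"node": "app03", "element": "/etc/passwd", "time": "2024-03-01T04:30:00"},
]

# Constructed sample: SIEM events already filtered to the password vault source.
VAULT_EVENTS = [
    {"host": "DB01", "action": "password_rotate", "time": "2024-03-01T02:00:05"},
    {"host": "app03", "action": "password_rotate", "time": "2024-03-01T01:00:00"},
]


def correlate(changes, vault_events, window=WINDOW):
    """Return (promote, unpromoted) lists of changes.

    A change is promoted only when the vault acted on the same host at most
    `window` before the change was observed. Each vault event justifies one
    change, so a second change in the same window is not covered by it.
    """
    unused = [dict(e, ts=datetime.fromisoformat(e["time"])) for e in vault_events]
    promote, unpromoted = [], []
    for change in sorted(changes, key=lambda c: c["time"]):
        seen = datetime.fromisoformat(change["time"])
        match = next(
            (e for e in unused
             if e["host"].lower() == change["node"].lower()
             and timedelta(0) <= seen - e["ts"] <= window),
            None,
        )
        if match is None:
            unpromoted.append(change)  # no vault record: stays for review
        else:
            unused.remove(match)
            promote.append(change)
    return promote, unpromoted


if __name__ == "__main__":
    ok, held = correlate(DETECTED_CHANGES, VAULT_EVENTS)
    print("promote:", [c["node"] for c in ok])
    print("unpromoted:", [c["node"] for c in held])
```

The stale vault event for app03 and the missing event for web02 both leave the change unpromoted, which is the state that produced an ITSM incident in the workflow described above.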
To learn more about Tripwire Custom Workflow Automation and Tripwire’s other products, click here.

About the Author: TWCA is the brainchild of Kelly Fessler, Architect & Manager, Tripwire Specialty Services and Sean Stallbaum, Sr. Services Solutions Engineer. Thank you for their input and review, as well as the use case examples provided.