
With the announcement of Tripwire Enterprise 7.5V, like new parents, we are eager to show it off and smile lovingly at our new little baby. With this in mind I thought I’d spend a few posts showing some of the new functionality that makes TE 7.5V so great.

My first post is to give some detail on our new role-based Home Pages. This functionality allows customers to create their own widget-based pages that give them the information that is important to them without having to see or understand the underlying technology. With this being a Virtualization security blog, I’ve taken an example of what a VI admin or a member of the security team might want to have as a Home Page. Each widget is customizable to show the key pieces of information you are interested in. In the example to the right I have four widgets that I’ve created for a “Virtual Infrastructure” Home Page (click to enlarge).

The first widget “Virtual Infrastructure Security” contains scorecards for configuration assessment against security best practices for the Hypervisors, vSwitches and workloads contained in the monitored Virtual Center. These reports are clickable to get more information. If I click into the vSwitch VMware Hardening report I can see the different vSwitches I am monitoring and whether they are compliant to the best practices laid down by VMware or not.

In the vSwitch VMware Hardening report, we can see that vSwitch1 is failing some of the tests that we’ve designated to run on that switch. These failures are due to both the MAC address changes and Forged Transmits not being set to reject. Drilling further allows us to see the actual settings and also how to remedy the issue if desired. This remediation advice is included in the policies to help customers not only find out where they are failing on security parameters but also how to fix it. The advice can be edited to suit different environments or processes, and could even be used to create a change ticket and be included as a run book of actions for other admin staff to carry out.
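The check behind that vSwitch1 failure, sketched as an added example (not Tripwire's code or policy content): it parses per-vSwitch security policy text and reports which of the two settings named above are not set to reject, along with a suggested fix. The sample text is constructed, and its `Key: true|false` layout and the `esxcli` option names are assumptions about what `esxcli network vswitch standard policy security get/set` uses on the ESXi release in question.

```python
import re

# The two settings the report above flags; "reject" is false in esxcli terms.
# Maps each setting to the esxcli option assumed to change it.
REQUIRED_REJECT = {
    "Allow MAC Address Change": "--allow-mac-change",
    "Allow Forged Transmits": "--allow-forged-transmits",
}

# Constructed sample (not captured from a real host), one entry per vSwitch.
SAMPLE = {
    "vSwitch0": "   Allow Promiscuous: false\n"
                "   Allow MAC Address Change: false\n"
                "   Allow Forged Transmits: false\n",
    "vSwitch1": "   Allow Promiscuous: false\n"
                "   Allow MAC Address Change: true\n"
                "   Allow Forged Transmits: true\n",
}

def parse_policy(text):
    """Return {setting: bool} from 'Key: true|false' lines; reject anything else."""
    policy = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        m = re.fullmatch(r"\s*(.+?):\s*(true|false)\s*", line)
        if m is None:
            raise ValueError(f"unrecognised policy line: {line!r}")
        policy[m.group(1)] = m.group(2) == "true"
    return policy

def assess(name, text):
    """Return (compliant, failed_settings, remediation_command_or_None)."""
    policy = parse_policy(text)
    # A setting missing from the output counts as a failure, never as a pass.
    failures = [k for k in REQUIRED_REJECT if policy.get(k, True)]
    fix = None
    if failures:
        flags = " ".join(f"{REQUIRED_REJECT[k]}=false" for k in failures)
        fix = f"esxcli network vswitch standard policy security set -v {name} {flags}"
    return (not failures, failures, fix)

def scorecard(switches):
    """Assess every vSwitch in a {name: policy_text} mapping."""
    return {name: assess(name, text) for name, text in switches.items()}

if __name__ == "__main__":
    for name, (ok, failures, fix) in scorecard(SAMPLE).items():
        print(f"{name}: {'PASS' if ok else 'FAIL'} {failures}")
        if fix:
            print(f"  remediation: {fix}")
```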

Moving to the right of the home page we have another dashboard widget called “VI PCI Compliance” which allows us to see how well the environment is configured against VISA’s PCI policies. Read this post to see why Mike Lohr so eloquently pointed out that the virtual infrastructure should be compliant to PCI. Any graphical report could be added to these dashboard widgets, for example guest OS compliance to CIS, NIST, DISA or ISO27001.

Directly below that widget we have an alert widget that is configured to show any alerts on the virtual infrastructure, which include new guests or hosts being added and changes to the infrastructure that reduce or increase compliance with the security policies. This is a great alert for a VI admin to use to see who is adding new guests to the Hypervisors, to control VM sprawl.


Below that alert widget we also have a “Report Repository” widget that allows us to add reports an admin might want front and center. A very useful report, which I’ll discuss in a future post, is the unmonitored guest systems and hypervisors report, which shows any guest or hypervisor that has been deployed without security monitoring.

As you can hopefully see, this new piece of functionality will really help staff gain control of their virtualized environment. My next post will be about how Tripwire can automate discovery of all virtual assets.

  • Bob Randolf

    Wow, looks very confusing to me.

  • You have a good point Bob. I put that home page together as one page to be able to talk about the different widgets rather than a true real-world example. Basically, I overcooked it trying to show it off – a bit like pulling a wheelie on your motorbike and falling off the back.

    The good thing is, home pages are completely configurable so you could reduce the amount of reports, alerts or other widgets on each page to keep it cleaner, concise and far simpler.

    It also depends on what kind of user you are. If you were a non-technical user like an auditor, maybe you would just have 4 key reports whereas if you were a VI admin, maybe you’d have loads more alerts.

    What would you remove to make it less confusing from your point of view?