Tripwire Enterprise 8.3 Basic Configuration Steps - NETSEC


Thursday, August 7, 2014

Tripwire Enterprise 8.3 Basic Configuration Steps

Tripwire Enterprise is a security configuration management (SCM) suite whose Policy Management, Integrity Management, and Remediation Management capabilities can stand alone or work together as a comprehensive, tightly integrated SCM solution.
Five Key Features:
  • Change-triggered Configuration Assessment
  • World's Best File Integrity Monitoring
  • Achieve Continuous Compliance
  • Integrate SCM into IT Security Operations
  • Visualize and Report SCM Results to Communicate & Mitigate Risks

Tripwire Capabilities:

  • Vulnerability Management
    • Risk Scoring and Prioritization
    • Vulnerability Assessment
    • Asset Inventory and Profiling
  • Configuration & Compliance Management
    • Policy Management
    • Configuration Management
    • Automated Remediation
  • Integrity Monitoring
    • File Integrity Monitoring
    • System Configuration Monitoring
    • Database Configuration Monitoring
  • Log Management
    • Secure, Reliable Log Collection
    • Flexible Log Storage and Retention
    • Correlation and Log Forwarding

Tripwire Products:

  • IP360
  • Enterprise - Configuration Compliance Manager
  • Enterprise
  • Log Center


The Tripwire version installed in the test environment is 8.3. Here are some basic steps to add a new network device node to Tripwire Enterprise 8.3:
1. Add a new node:
Assign it to the custom node type Cisco, which gives more flexibility.
Enter the correct username and password.

The important part is to give the right make and model information so that the node is automatically assigned to a smart group.

This screenshot shows the new node assigned to the right Cisco Nexus 5000 group.

2. Run a check or baseline on the new node with the proper rule.

In this example, I used the Cisco IOS configuration rule, which runs the Show Running-Config command.

3. Rules. 

Create a new rule for your device using the Network Device -> Common -> Command Output Validation Rule template:

In the rule, enter the proper command, as the following screenshot shows:

The next screenshot shows how to check Checkpoint rules.

Another setting in the rule is the Target Node Type.

4. Report

Create a report based on a report template.

5. Task.

Schedule a task to send the report to your email.
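
What a baseline followed by a check (steps 2 and 3) amounts to for `show running-config` output, as an added Python example that is not Tripwire's own code and not part of the original post. The function names, the list of volatile header lines to ignore, and the sample captures are assumptions constructed for illustration.

```python
import difflib
import hashlib
import re

# Assumed list of lines that differ on every capture without a real change.
VOLATILE = re.compile(
    r"^(Building configuration|Current configuration :|"
    r"! Last configuration change|! NVRAM config last updated|ntp clock-period)"
)


def normalize(output):
    """Drop volatile and blank lines and strip trailing whitespace."""
    lines = (line.rstrip() for line in output.splitlines())
    return [l for l in lines if l and not VOLATILE.match(l)]


def fingerprint(output):
    """SHA-256 over the normalized command output."""
    return hashlib.sha256("\n".join(normalize(output)).encode()).hexdigest()


def check(baseline, current):
    """Compare current output with the baseline: (changed, changed_lines)."""
    if fingerprint(baseline) == fingerprint(current):
        return False, []
    diff = difflib.unified_diff(normalize(baseline), normalize(current),
                                "baseline", "current", lineterm="", n=0)
    # Skip the two file-header lines, keep only removed/added config lines.
    return True, [d for d in list(diff)[2:] if d[0] in "+-"]


# Constructed sample captures (not taken from a real device).
BASELINE = """Building configuration...
Current configuration : 1412 bytes
! Last configuration change at 09:12:01 UTC Thu Aug 7 2014
hostname lab-sw1
no ip http server
line vty 0 4
 transport input ssh
"""
# Same configuration captured again: only the volatile header lines differ.
RECAPTURE = BASELINE.replace("09:12:01", "10:30:44").replace("1412", "1413")
# A real change: telnet enabled on the vty lines.
MODIFIED = RECAPTURE.replace("transport input ssh", "transport input telnet ssh")

if __name__ == "__main__":
    print(check(BASELINE, RECAPTURE))
    print(check(BASELINE, MODIFIED))
```

Without the normalization step, every re-capture would be reported as a change because the timestamp and byte-count header lines never match the baseline.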
