USING TRIPWIRE ENTERPRISE 8 - Buffalo


USING TRIPWIRE ENTERPRISE 8.3
SUPPLEMENTAL GUIDE
TRIPWIRE PROFESSIONAL SERVICES
v2.1

TABLE OF CONTENTS

1 About this Guide
    1.1 Revision History
2 Introduction to Tripwire Enterprise
    2.1 Exploring the Console Interface
        2.1.1 Manager Bar and Tabs
        2.1.2 Button Bar
        2.1.3 Interface Toolbar
        2.1.4 Tree Pane and Main Pane
        2.1.5 Status Bar
    2.2 Managers and Objects
    2.3 New Features in Tripwire Enterprise 8.3
3 Getting Started
    3.1 Installing Tripwire Enterprise
    3.2 Accessing the Console
    3.3 Fast Track
    3.4 Logging In to the Console
    3.5 Change Your User Password
    3.6 Setting User Preferences
    3.7 Check the Version of Tripwire Enterprise
4 Using Asset View
    4.1 Tagging Best Practices
        4.1.1 Guidelines for Using Tags
        4.1.2 Tagging Tips and Tricks
        4.1.3 Tagging Strategies
    4.2 Filtering Assets
    4.3 Viewing and Selecting Assets
    4.4 Manually Applying Tags to Assets
    4.5 Working with Tags and Tag Sets
    4.6 Working with Saved Filters
    4.7 Working with Tagging Profiles
5 Standard Operations
    5.1 Create a Group
        5.1.1 Node Groups
        5.1.2 Smart Node Groups
    5.2 Create an Object
        5.2.1 Create a Rule
        5.2.2 Create a Task
        5.2.3 Create an Action
        5.2.4 Create a Report
    5.3 Move an Object
    5.4 Link/Unlink an Object
        5.4.1 Link a Node
    5.5 Delete an Object
        5.5.1 Delete a Node
    5.6 Import/Export an Object
    5.7 Baseline a Node
    5.8 Check a Node
    5.9 Viewing Changes
    5.10 Promoting Changes
    5.11 Viewing Reports and Dashboards
6 Node Operations
    6.1 Onboarding Agent Nodes
        6.1.1 With Smart Node Groups Enabled
        6.1.2 Without Smart Node Groups Enabled (Legacy Feature)
    6.2 Event Generator and Enable Real-time Monitoring
        6.2.1 Configure on a Single-node Basis
        6.2.2 Configure in Bulk
    6.3 Create a Custom Node Type
    6.4 Create the Custom Node
    6.5 Unlicensing a Node
7 Rule Operations
    7.1 Tune a Rule
    7.2 Configure Real-time Monitoring for Rules
8 Policy Operations
    8.1 Using the Policy Manager
    8.2 Creating a Policy Waiver
9 Other Operations
    9.1 Configure the Login Method
    9.2 Support Data
    9.3 Create a Promotion Approval Template
    9.4 Using Home Pages
        9.4.1 Alerts Widget
    9.5 Create a Custom Property

Using Tripwire Enterprise 8.3 Tripwire Professional Services

1 ABOUT THIS GUIDE

The Using Tripwire Enterprise 8.3 Guide provides a task-focused look at operating Tripwire Enterprise (TE). The goal of this document is to empower you with clear instructions to accomplish specific tasks and procedures within TE. The result is a practical look at operating TE to realize its maximum benefit.

NOTE: This guide is designed to complement, rather than replace, the Tripwire Enterprise 8.3 User Guide. The User Guide provides a more comprehensive overview of TE functionality.

1.1 Revision History

This document has been updated to reflect improvements and new features available in TE version 8.3. For specific details on the revision history, please consult the table below:

Date        Author(s)     Version       Change Reference
9/2/2011    Gail Powell   Version 1.0   TE 8.1 Initial Draft
9/22/2011   Gail Powell   Version 1.1   TE 8.1 Final Draft
4/18/2014   Daniel Kuhn   Version 2.0   TE 8.3 Update Draft
5/21/2014   Daniel Kuhn   Version 2.1   Minor Updates

2 INTRODUCTION TO TRIPWIRE ENTERPRISE

Tripwire Enterprise (TE) is a File Integrity Monitoring (FIM) and Security Configuration Management (SCM) tool designed to be flexible in its monitoring of changes to systems, devices, and applications. TE supports file servers, database servers, directory servers, network devices, and virtual infrastructure systems out of the box. There is additional functionality to support other devices and systems through the use of custom nodes.

The change detection core of TE can be understood with the knowledge of a few terms:

- A node is a monitored device or system. Examples of nodes include file servers, database instances, or even network devices. TE supports many different node types.
- A rule defines a set of data to monitor. This could be a specific file or directory, or it could be the results of a database query or command, for example. Just like there are many node types, there are many rule types.
- When you perform a check of a node with a rule, the result is an element. An element is the monitored data, as defined by the rule and returned by the node.
- An element, itself, is made up of versions. Think of an element version as a snapshot of the monitored data at some point in time.
- TE looks for changes to monitored elements. The first time a rule is run (or "checked") against a node, a baseline element version is created. This baseline version is what future checks are compared to when TE is looking for changes. (The process of performing this initial check of a rule against a node is also called "baselining", as the baseline element version is what results.)
- If a change is detected, TE classifies the change as one of three types: addition (a file is added, for example), deletion (a file is deleted, for example), or the most common, modification (the contents of a file or its attributes have changed, for example). This detected change is then saved as a new element version of that change type.
- As you can imagine, over time TE will keep adding to this element history by creating new change versions when changes are detected. In situations when the change that TE detected was expected or known (in other words, a "good" or "authorized" change), a user can promote that newly detected change version to become the new baselin
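The terms above can be made concrete with a small model. This is an added example, not Tripwire Enterprise code: the names run_rule, Node and demo are hypothetical, the "rule" is assumed to be "every file under one directory", and comparing SHA-256 content hashes is an assumption about how a change is recognized.

```python
import hashlib
import tempfile
from pathlib import Path

def run_rule(root):
    """The 'rule': hash every file under root, giving {element name: SHA-256}."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

class Node:  # simplified model of one node checked with one rule
    def __init__(self, root):
        self.root = root
        self.baseline = run_rule(root)          # first check creates the baseline versions
        self.history = {e: [("baseline", h)] for e, h in self.baseline.items()}

    def check(self):
        """Compare current state with the baseline; return [(element, type, hash)]."""
        current, changes = run_rule(self.root), []
        for element in sorted(set(self.baseline) | set(current)):
            old, new = self.baseline.get(element), current.get(element)
            if old == new:
                continue
            kind = "addition" if old is None else "deletion" if new is None else "modification"
            versions = self.history.setdefault(element, [])
            if not versions or versions[-1] != (kind, new):
                versions.append((kind, new))    # record each change version once
            changes.append((element, kind, new))
        return changes

    def promote(self, element, new_hash):
        """Authorized change: the detected version becomes the new baseline."""
        if new_hash is None:
            self.baseline.pop(element, None)    # a promoted deletion
        else:
            self.baseline[element] = new_hash
        self.history[element].append(("baseline", new_hash))

def demo():
    """Constructed sample data: throwaway files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "motd").write_text("hello\n")
        node = Node(root)
        (root / "sshd_config").write_text("PermitRootLogin yes\n")   # modification
        (root / "motd").unlink()                                      # deletion
        (root / "cron.allow").write_text("root\n")                    # addition
        first = node.check()
        node.promote("cron.allow", first[0][2])  # only the addition was authorized
        return [c[:2] for c in first], [c[:2] for c in node.check()]
```

After the promotion, the second check still reports the two changes that were not promoted, because they continue to differ from the baseline.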
