Tripwire Connect Report Catalog

Introduction

Tripwire® Connect is the highly customizable analytics, reporting, integration and management platform for Tripwire Enterprise and Tripwire IP360™. Available in both on-prem and SaaS versions, it can deploy and scale according to your organization’s needs. While Tripwire has always provided users an abundance of invaluable security and compliance data, Tripwire Connect extends the value of that data even further by combining information from multiple sources and presenting it in a unified way. Its rich, visual analytics and reports help security teams translate Tripwire solution data into the strategic remediation activities that can most effectively reduce your cyber risk.

This report catalog gives a quick overview of features and file integrity monitoring (FIM), secure configuration management (SCM) and vulnerability management (VM) reports and dashboards. When you’re ready for a demo, visit tripwire.me/demo and we’ll be happy to give you a deeper look into Tripwire Connect.

 

General Features & Reports

 

Darkmode Option

All reports in Tripwire Connect can toggle the light/dark mode configuration for each template and save that configuration for use in scheduling or pinning to the dashboard section of the Tripwire.io UI.

Security Overview Report

Provides an overview of your security environment utilizing Tripwire Enterprise compliance and Tripwire IP360 vulnerability data.

Questions answered:
  • Am I above or below my security or compliance threshold?
  • Do certain operating systems have more vulnerability associated risk than others in my environment?
  • What policies have the worst compliance rates in my organization?

Tripwire Connect System Health

Dashboard showing the current state of your Tripwire Connect deployment, including data freshness per index, data source type, and data source name.

Questions answered:
  • Does Tripwire Connect have all of the latest SCM, FIM, and VM data needed for accurate and current reporting?
  • Are any components of my reporting system experiencing problems or errors that require my attention?

Tripwire Enterprise Asset Inventory

For each system monitored by Tripwire Enterprise, this Report Template provides the make, model, version, and other related information.

Questions answered:
  • How many licensed assets are in my Tripwire Enterprise environment?
  • Which assets are running older versions of the Java or Tripwire Axon agents?
  • How many assets in my environment are on a specific OS version?

 

FIM Reports

FIM – Change Summary

An overview of changes across your environment to identify areas with relatively high change rates.

Questions answered:
  • Do certain asset types have more system changes than others?
  • Which asset groups have the most unauthorized change in my environment?

FIM – Change Summary by Asset

View which assets have the highest number of element changes in your environment and/or have the highest unauthorized change percentage.

Questions answered:
  • Which asset groups (by tag) have the most unauthorized change in my environment?
  • Which assets have the highest percentage of unauthorized change in my environment?

FIM – Change Summary by Rule

View which Tripwire Enterprise rules are generating the most element changes in your environment and/or have the highest unauthorized change percentage.

Questions answered:
  • Which Tripwire Enterprise rules are generating the most unauthorized change in my environment?
  • Which Tripwire Enterprise rules are generating the highest volume of changes in my environment?

FIM – Detailed Changes by Element

A detailed view of elements that have changed for a specific asset, including change type and last date the element was evaluated for change.

Questions answered:
  • What elements changed on a specific asset in the last 7 days?
  • Who approved a specific element change?

FIM – Elements

View the current version of elements which are being monitored on an asset(s), including the option to view Tripwire Enterprise element content in the report.

Questions answered:
  • Which elements have not been evaluated for change in the last “x” days?
  • Which elements are currently being monitored for a single asset or group of assets?

FIM – Reference Asset Variance

View a list of all elements that differ between a reference asset and one or more comparison assets, including the option to view Tripwire Enterprise element content in the report.

Questions answered:
  • How can I be certain that what I just promoted to production matches the reference asset or container image?
  • Do I have any configuration drift in my group of assets that should always have the same configuration?

 

SCM Reports

SCM – Compliance Detailed Test Results

View detailed policy test results for use in an audit or to identify failing policy tests on specific assets, including the option to view Tripwire Enterprise element content in the report.

Questions answered:
  • How can I create a report for an auditor to prove an asset is being monitored for PCI compliance?

SCM – Compliance Summary

A high-level overview of an organization’s policy compliance for a specific policy family.

Questions answered:
  • Which policy platform has the highest number of failed policy tests?
  • Which policy tests have the most failures in my environment?
  • What are the top 10 assets with failed policy tests?

SCM – Compliance Test Results by Asset

Summary of test results for the selected group of assets. Can be used to easily identify which assets have the lowest compliance percentage.

Questions answered:
  • Which assets have the most failing tests in my environment or with specific tags?
  • Which assets have the most unknown test results?
  • Which assets have the most test results with waivers applied?

SCM – Compliance Test Results by Policy

Summary of test results for a specific policy family. Can be used to easily identify which policies have the lowest compliance percentage.

Questions answered:
  • What policies have the most failed tests in my environment or for a group of assets?
  • What policies have the worst compliance percentage in my environment or for a group of assets?
  • What/how many assets are being evaluated for compliance of a specific policy?

SCM – Compliance Test Results by Test

Summary of test results focused on a specific policy. Can be used to easily identify which policy tests have the lowest compliance percentage.

Questions answered:
  • What are the top 10 policy tests with failed test results in my environment or for a group of assets?
  • Which policy tests have the lowest percentage of failed test results in my environment or for a group of assets?
  • What/how many assets are being evaluated for a specific policy test?

SCM – Compliance Trends

This report displays trends of historical policy compliance across the environment or groups of assets.

Questions answered:
  • Has my overall policy compliance improved or gotten worse over time?
  • Has my compliance for a specific policy improved or gotten worse over time?

 

VM Reports

Tripwire IP360 Risk Matrix

The Risk Matrix allows users to quickly and intuitively identify vulnerability risk in their environment. The matrix is interactive: when you click on a cell, the associated vulnerabilities are displayed on the screen, or you can drill into the details to see vulnerabilities with the corresponding Risk and Skill.

The Risk Matrix is available in these Tripwire IP360 report templates:
  • VM – Asset Details
  • VM – Vulnerability Inventory
  • VM – Vulnerability Management Summary

VM – Asset Details and VM – Vulnerability Details Report Templates

Now includes data elements such as:
  • The IP360 Rule used to detect the presence of a vulnerability or application
  • The associated transcript for each IP360 Rule (evidence data)
  • Solution data such as links to application advisories used to resolve a vulnerability
  • Host information such as SSL certificate, encryption ciphers, open ports, etc.

VM – Application Details

For an application or group of applications, shows detailed information about the assets that have the application(s).

Questions answered:
  • What assets in my environment have a specific application present?
  • What port(s) was a specific application found on?

VM – Application Inventory

List of applications running in the environment with a count of the assets that have the application present.

Questions answered:
  • What applications are present in my environment?
  • For each application, how many assets have that application present?

VM – Asset Details

List of the vulnerabilities present on a specific asset.

Questions answered: 
  • What vulnerabilities are present on a specific asset?
  • Are there any critical vulnerabilities present on a specific asset? 
  • What is/are the CVE(s) associated with a vulnerability?

VM – Asset Inventory

This report lists all known Tripwire IP360 assets in the environment with their IP360 Host Score, vulnerability count, highest CVSSv3 on each asset, and last scan date.

Questions answered: 
  • Which/how many assets are being scanned for vulnerabilities in my environment?
  • Are there any assets in my environment with an IP360 Host Score above my security department’s predefined threshold? 
  • Are there any assets in my environment with a Critical CVSSv3 vulnerability?

VM – Distinct Scan

The Distinct Scan report provides host and vulnerability data from one or more selected scans, or from scans occurring within a specified time frame. It can be used to obtain the most current scan results for an environment or to focus on historical data for a specified period of time.

Questions answered: 
  • What is the most recently determined vulnerability state of my environment, or of some subset of my environment, at this point in time? 
  • Did a certain vulnerability exist in my environment last week?
  • What was the vulnerability state of the company’s financial servers 30 days ago? 
  • Which assets were running Office 365 v2012 last June?

VM – Host Information Data

This Report Template identifies SSL certificates that have expired, are about to expire, or are issued by a user-specified certificate authority (CA).

Questions answered:
  • Which SSL certificates exist in my environment?
  • Which SSL certificates have expired or are about to expire?
  • Which SSL certificates are associated with a specific CA?

VM – Vulnerability Aging

Provides a detailed understanding of how vulnerabilities have aged over time, including when the vulnerability was first seen, last seen and whether it has been remediated.

Questions answered:
  • How long has a vulnerability existed in my environment?
  • How long did it take for a vulnerability to be remediated?
  • How many vulnerabilities are due to be remediated in the next 30 days?
  • How many vulnerabilities are past due (beyond 30 days) for remediation?

VM – Vulnerability Details

For a vulnerability or group of vulnerabilities, shows detailed information about the assets that have the vulnerability present. Report data can be exported as CSV.

Questions answered:
  • Which assets have a specific vulnerability?
  • How do I remediate a specific vulnerability?
  • Which assets have specific vulnerabilities?

VM – Vulnerability Inventory

List of vulnerabilities that exist in the environment with a count of the assets that have the vulnerability present.

Questions answered: 
  • What vulnerabilities are present in my environment?
  • Are there any high or critical vulnerabilities in my environment based on the CVSSv3 score?
  • Are there any vulnerabilities in my environment above a certain IP360 Vulnerability Score? 
  • When was the last time a specific vulnerability was seen in my environment?
  • How many assets have a specific vulnerability in my environment?

VM – Vulnerability Management Summary

A high-level overview of the risks posed by existing vulnerabilities in your organization’s environment.

Questions answered:
  • Am I above or below my security threshold? 
  • Do certain operating systems have more vulnerability associated risk than others in my environment?

VM – Vulnerability Trends

Displays trend information of vulnerability scans across the environment or by groups of assets using the IP360 Network Group.

Questions answered: 
  • Has the number of assets being scanned for vulnerabilities gone up or down over time?
  • Has the average IP360 Host Score improved or gotten worse over time?

VM – Vulnerability Variance

This is a differential report that provides users the ability to identify vulnerability changes between assets over two distinct user-specified time frames.

Questions answered: 
  • How are my unique asset counts and vulnerability counts trending from the previous time window to the current window?
  • How many new assets were discovered between the two time windows? 
  • How many assets were present in the previous window, but not in the current window? 
  • How many new vulnerabilities were discovered between the two time windows?
  • How many vulnerabilities were remediated between the two time windows? 
  • How many vulnerabilities were identified, but not remediated during both time windows?