Asset management is a tricky subject. In many cases, organizations have no idea about how many assets they have, let alone where they are all located.  Fortunately, there are tools that can assist with reaching your asset management goals. While Tripwire Enterprise (TE) is great for detecting unauthorized changes on your system and also for ensuring your systems are hardened (as well as stay hardened), you must first get a handle on managing the assets that you’re monitoring.

Tripwire Enterprise makes that task easy if your Tripwire agent is part of your image build. When the instance of the Operating System (OS) is created, the agent activates and connects to the Tripwire console. The agent tells the console what OS is running on the system along with its hostname. The Tripwire console then puts the asset in a group for that OS type. Easy and automatic! 

However, there is some massaging that is needed to catalog the asset the way that works best for your security practice. I have seen various divergences in what people users do to get that asset regularly monitored. In an effort to make your Tripwire experience even better, I will cover some best practices and methods for making the management of assets easy in Tripwire. Easy is what you want; easy is what can be achieved.

If you’re monitoring more than a hundred nodes in Tripwire, then your environment most likely has some “churn” in the assets that are in use and that need to be monitored. Automating the onboarding and offboarding of assets, ensuring that they are tagged correctly and verifying that they have the correct rules applied is a daunting effort without automation. Fortunately, Tripwire gives you options to automate the asset management process in your Enterprise console.

What rules are (Read more...)