1. Tripwire Enterprise Server Network Nodes, Reports, and Dashboards Vincent Fox and Doreen Meyer UC Davis, Information and Educational Technology August 9, 2006

2. Network Device Node A network device node can be any router, switch, firewall, load balancer, or unix-compliant system A network device node can be any router, switch, firewall, load balancer, or unix-compliant system

3. Adding a Network Device Node

10. Network Device Rules See User Guide p. 79 See User Guide p. 79 Configuration File Rules – check ONLY config files of many common hardware devices. Configuration File Rules – check ONLY config files of many common hardware devices. COVR – Command Output Validation Rules. Useful to check any runtime aspect of a device. COVR – Command Output Validation Rules. Useful to check any runtime aspect of a device. Example: netstat -nr

11. Demo Vincent demo of network device rules applied against a NetScreen firewall and a UNIX system. Vincent demo of network device rules applied against a NetScreen firewall and a UNIX system.

12. Reports Use reports to identify trends and problem areas.

13. Report Manager

14. Report Groups

15. Report Group Permission Any user can create a report. System report group: check box User report group: do not check box System report group: user must have Manage System Reports permission

16. New Report

17. Report Types Change process compliance Change process compliance Change rate Change rate Change variance Change variance Change window Change window Changed elements Changed elements Frequently changed nodes Frequently changed nodes Changes by node or group Changes by node or group Changes by severity Changes by severity Detailed changes Detailed changes Device inventory Device inventory Elements Elements Frequently changed elements Frequently changed elements

18. Report Types Last node check status Last node check status Missing elements Missing elements Monitoring policy Monitoring policy Nodes with changes Nodes with changes Reference node variance Reference node variance System access control System access control System log System log Unchanged elements Unchanged elements User rules User rules

19. Change Variance Report

20. Report Criteria Actions Actions Change types Change types Charts Charts Compare nodes Compare nodes Current versions Current versions Elements Elements Frequency Frequency General General Links Links Message Message Message filter Message filter Node Node Packages Packages Reference Node Reference Node Roles Roles Rules Rules Severity ratings Severity ratings Sorting Sorting Tasks Tasks Time range Time range Users Users User names User names

21. Change Variance Criteria

26. Changes by Severity

27. Changes by Severity Criteria

28. Creating a Report Task

32. Dashboards Use Dashboards to monitor reports.

33. Creating a New Dashboard

37. Questions Questions Questions Ongoing discussion format Ongoing discussion format Evaluation Evaluation

38. Contacts ucdtripwire@ucdavis.edu - class mailing list ucdtripwire@ucdavis.edu - class mailing list ucdtripwire@ucdavis.edu Vincent Fox - vbfox@ucdavis.edu Vincent Fox - vbfox@ucdavis.eduvbfox@ucdavis.edu Doreen Meyer - dimeyer@ucdavis.edu Doreen Meyer - dimeyer@ucdavis.edudimeyer@ucdavis.edu Bob Ono - raono@ucdavis.edu Bob Ono - raono@ucdavis.eduraono@ucdavis.edu Paul Singh - pasingh@ucdavis.edu Paul Singh - pasingh@ucdavis.edu Software - software@ucdavis.edu Software - software@ucdavis.edu