- North Korean Fake IT Workers Leverage GitHub to Build Personas
- Is this Windows all-in-one a worthy iMac M4 alternative? The 32-inch display says yes
- Is your disaster recovery a house of cards? Why BIA, BCP, and DRP are your foundation
- VMware Product Release Tracker (vTracker)
- I finally found a smartwatch with a timeless analog look - and the features I need
Enhancing Security Monitoring with Tripwire's Change Audit: New Rules for Firewalls, WFP, and Microsoft Store Applications
What is it?
The Tripwire Enterprise Change Audit rules provide customers with the ability to monitor for change events that could have an impact on a system. Monitoring for change events can help administrators identify malicious and/or unexpected changes within their environment.
Changes to CA
Additional rules were added to the Change Audit rule set. These rules provide customers the ability to monitor for changes to the firewall, Windows Filtering Platform, and Microsoft Store.
Firewall
Firewalls monitor network traffic and use rules to block or allow traffic. Allowing services that are not normally accessible to the network could cause unnecessary risk. Monitoring the Firewall for rule changes ensures that no additional services are exposed to the network as well as ensuring that no expected services become unavailable.
Windows
Ubuntu
Windows Filtering Platform Rule
Windows Filtering Platform (WFP) has an API that provides a way to filter network traffic. Tripwire Enterprise now monitors for additional entries to the WFP.
Interested in the difference between a change audit and a critical change audit? Click here! If you’d like to learn more about our services, you can contact us by following this link.
Blocking Microsoft Edge with WFP
Microsoft Store Applications
The Change Audit rule set was monitoring for changes to installed applications but missed installations from the Microsoft Store. A new rule has been introduced to capture the installation of applications from the Microsoft Store.
Newly installed Microsoft Store Applications
Summary
In order to have access to this new content, Tripwire Enterprise users must install the latest version of the Change Audit rule set. Once installed, these changes will allow a Tripwire Enterprise admin to determine if a change event has occurred.
Interested in the difference between a change audit and a critical change audit? Click here!
If you’d like to learn more about our services, you can contact us by following this link.
