- 연 85억 원 절감한 공공기관의 선택…출장 관리 DX로 완성한 비용 최적화 공식
- Zoom goes down across the globe - what we know about the outage so far
- AIがCXを加速:年間8600億ドルのビジネス価値創出の可能性、では導入の壁は?
- Free IRS Direct File service for taxpayers to end, according to reports
- Why the CVE database for tracking security flaws nearly went dark - and what happens next
Enhancing Security Monitoring with Tripwire's Change Audit: New Rules for Firewalls, WFP, and Microsoft Store Applications
What is it?
The Tripwire Enterprise Change Audit rules provide customers with the ability to monitor for change events that could have an impact on a system. Monitoring for change events can help administrators identify malicious and/or unexpected changes within their environment.
Changes to CA
Additional rules were added to the Change Audit rule set. These rules provide customers the ability to monitor for changes to the firewall, Windows Filtering Platform, and Microsoft Store.
Firewall
Firewalls monitor network traffic and use rules to block or allow traffic. Allowing services that are not normally accessible to the network could cause unnecessary risk. Monitoring the Firewall for rule changes ensures that no additional services are exposed to the network as well as ensuring that no expected services become unavailable.
Windows
Ubuntu
Windows Filtering Platform Rule
Windows Filtering Platform (WFP) has an API that provides a way to filter network traffic. Tripwire Enterprise now monitors for additional entries to the WFP.
Interested in the difference between a change audit and a critical change audit? Click here! If you’d like to learn more about our services, you can contact us by following this link.
Blocking Microsoft Edge with WFP
Microsoft Store Applications
The Change Audit rule set was monitoring for changes to installed applications but missed installations from the Microsoft Store. A new rule has been introduced to capture the installation of applications from the Microsoft Store.
Newly installed Microsoft Store Applications
Summary
In order to have access to this new content, Tripwire Enterprise users must install the latest version of the Change Audit rule set. Once installed, these changes will allow a Tripwire Enterprise admin to determine if a change event has occurred.
Interested in the difference between a change audit and a critical change audit? Click here!
If you’d like to learn more about our services, you can contact us by following this link.
