Enhancing Security Monitoring with Tripwire's Change Audit: New Rules for Firewalls, WFP, and Microsoft Store Applications


What is it?

The Tripwire Enterprise Change Audit rules provide customers with the ability to monitor for change events that could have an impact on a system. Monitoring for change events can help administrators identify malicious and/or unexpected changes within their environment.

Changes to CA

Additional rules were added to the Change Audit rule set. These rules provide customers the ability to monitor for changes to the firewall, Windows Filtering Platform, and Microsoft Store.

Firewall

Firewalls monitor network traffic and use rules to block or allow it. Allowing services that are not normally accessible to the network could cause unnecessary risk. Monitoring the firewall for rule changes ensures that no additional services are exposed to the network and that no expected services become unavailable.

Windows

Ubuntu
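As an added illustration of the firewall check described above (not Tripwire's rule content or code), the following Python sketch compares two snapshots of `ufw status` output and sorts the differences into newly exposed services and previously allowed services that are no longer reachable. The snapshot text and function names are constructed for this example, and only `ALLOW` actions are treated as exposing a service.

```python
import re

# Constructed `ufw status` snapshots for illustration (not from the original page).
BASELINE = """Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       10.0.0.0/8
443/tcp                    ALLOW       Anywhere
5432/tcp                   DENY        Anywhere
"""
CURRENT = """Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
5432/tcp                   ALLOW       Anywhere
3389/tcp                   ALLOW       Anywhere
"""

def parse_ufw_status(text):
    """Map (destination, source) -> action for each rule row."""
    rules, in_table = {}, False
    for line in text.splitlines():
        if line.startswith("--"):          # separator row: rule rows follow
            in_table = True
        elif in_table and line.strip():
            # Columns are padded with two or more spaces.
            fields = re.split(r"\s{2,}", line.strip())
            if len(fields) == 3:
                dest, action, source = fields
                rules[(dest, source)] = action
    return rules

def audit_changes(baseline, current):
    """Classify rule changes into the two risks the article names."""
    old, new = parse_ufw_status(baseline), parse_ufw_status(current)
    allows = lambda action: action is not None and action.startswith("ALLOW")
    exposed, unavailable = [], []
    for key in sorted(old.keys() | new.keys()):
        before, after = old.get(key), new.get(key)
        if allows(after) and not allows(before):
            exposed.append(key)        # newly reachable service
        elif allows(before) and not allows(after):
            unavailable.append(key)    # previously allowed, now removed or blocked
    return {"exposed": exposed, "unavailable": unavailable}

if __name__ == "__main__":
    for kind, keys in audit_changes(BASELINE, CURRENT).items():
        for dest, source in keys:
            print(f"{kind}: {dest} from {source}")
```

A rule whose source is widened, such as SSH moving from `10.0.0.0/8` to `Anywhere`, appears as one entry in each list because the rule is keyed on destination and source together.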

Windows Filtering Platform Rule

Windows Filtering Platform (WFP) has an API that provides a way to filter network traffic. Tripwire Enterprise now monitors for additional entries to the WFP.


Blocking Microsoft Edge with WFP


Microsoft Store Applications

The Change Audit rule set was monitoring for changes to installed applications but missed installations from the Microsoft Store. A new rule has been introduced to capture the installation of applications from the Microsoft Store.

Newly installed Microsoft Store Applications


Summary

In order to have access to this new content, Tripwire Enterprise users must install the latest version of the Change Audit rule set. Once installed, these changes will allow a Tripwire Enterprise admin to determine if a change event has occurred.

Interested in the difference between a change audit and a critical change audit? Click here!

If you’d like to learn more about our services, you can contact us by following this link.


