- One of the most versatile action cameras I've tested isn't from GoPro - and it's on sale
- Small Manufacturers, Big Target: The Growing Cyber Threat and How to Defend Against It
- T-Mobile will give you the Samsung Galaxy S25 Plus for free - how the deal works
- At last, wireless earbuds that sound great, feel comfortable, and won't break the bank
- Will your Mac or Windows PC still get security updates in 2026? Check this chart
Enhancing Security Monitoring with Tripwire's Change Audit: New Rules for Firewalls, WFP, and Microsoft Store Applications
What is it?
The Tripwire Enterprise Change Audit rules provide customers with the ability to monitor for change events that could have an impact on a system. Monitoring for change events can help administrators identify malicious and/or unexpected changes within their environment.
Changes to CA
Additional rules were added to the Change Audit rule set. These rules provide customers the ability to monitor for changes to the firewall, Windows Filtering Platform, and Microsoft Store.
Firewall
Firewalls monitor network traffic and use rules to block or allow traffic. Allowing services that are not normally accessible to the network could cause unnecessary risk. Monitoring the Firewall for rule changes ensures that no additional services are exposed to the network as well as ensuring that no expected services become unavailable.
Windows
Ubuntu
Windows Filtering Platform Rule
Windows Filtering Platform (WFP) has an API that provides a way to filter network traffic. Tripwire Enterprise now monitors for additional entries to the WFP.
Interested in the difference between a change audit and a critical change audit? Click here! If you’d like to learn more about our services, you can contact us by following this link.
Blocking Microsoft Edge with WFP
Microsoft Store Applications
The Change Audit rule set was monitoring for changes to installed applications but missed installations from the Microsoft Store. A new rule has been introduced to capture the installation of applications from the Microsoft Store.
Newly installed Microsoft Store Applications
Summary
In order to have access to this new content, Tripwire Enterprise users must install the latest version of the Change Audit rule set. Once installed, these changes will allow a Tripwire Enterprise admin to determine if a change event has occurred.
Interested in the difference between a change audit and a critical change audit? Click here!
If you’d like to learn more about our services, you can contact us by following this link.
