Working with Tripwire Enterprise Servers

If you complete the steps below to add a Tripwire Enterprise (TE) Server to the Tripwire Enterprise Servers page in the TLC Configuration Manager, your TLC Console will have the ability to query the TE Server for nodes and elements cited in the properties of Normalized Messages displayed in the Audit Logger and Event-Database Viewer. For a detailed description of this feature, see the Integration Guide: Tripwire Enterprise & Tripwire Log Center PDF on the Tripwire Customer Center:

https://tripwireinc.force.com/customers

In addition, if you enable the Use this server for Asset View setting for a TE Server (see Table 96), you will be able to create a Dynamic Correlation List consisting of the IP addresses of TE Assets identified by a TE saved filter. For more information, see Working with Correlation Lists.

Note 

If multiple TE Servers are added to the Configuration Manager, TLC will only connect with the TE Server for which the Use this server for Asset View setting is enabled (see Table 96). Therefore, only the saved filters from this TE Server will be available for assignment in a Correlation List.

To add, edit, or delete a Tripwire Enterprise Server:

1. In the side bar, select Resources >Configuration ManagerConfiguration Manager.
2. In the side bar of the Configuration Manager, select ResourcesResources >LocationsTripwire Enterprise Servers.
3. To add a TE Server:
a. ClickAddAdd.
b. Complete the Tripwire Enterprise dialog (see Table 96).
c. Click Test Connection to verify your settings.

Note 

To test the connection, TLC logs in to TE with the TE user account specified in the Tripwire Enterprise dialog. If the account is already logged in to TE when TLC authenticates, the test will terminate the other session.

d. Click Save.

To edit the settings of a TE Server:

a. In the workspace, double-click the TE Server.
b. Edit the Tripwire Enterprise properties dialog and click Save.

To delete a TE Server, select the TE Server and clickDeleteDelete.

Next 

To assign one of the TE Server's saved filters to a Correlation List, see Working with Correlation Lists.

Table 96. Fields in the Tripwire Enterprise dialog

Field

Description

Name

A name of your choice for the TE Server.

Base URL

The IP address or host name of the TE Server.

Username

The username of a valid TE user account with the following Node Management permissions: 

Create

Delete

Link

Load

Update

View

Passphrase

The passphrase for the TE user account.

Use this server for Asset View

In the Asset View of a Tripwire Enterprise (TE) Console, TE users can create saved filters to classify assets in TE. If this setting is enabled, you can create a dynamic Correlation List with the IP addresses of the assets specified by the saved filters on the TE Server (see Working with Correlation Lists). However, this setting can only be enabled for a single TE Server.

For more information about Asset View and saved filters, see the Tripwire Enterprise User Guide.

Cryptographic Protocols

If Use this server for Asset View is enabled, you can specify the cryptographic protocols with which TLC will communicate with TE.

Otherwise, TLC will use all protocols in this field for communications with TE.

Notes: TE does not support the SSL 3 protocol.

To successfully employ a cryptographic protocol for communications with TE, the protocol must also be enabled in: 

The TE Console

The operating system of the TE Server

The operating system of your TLC Manager

TLC will employ the most secure protocol supported by all of these systems.