A TLC object that initiates a response to Correlated Events created by Correlation Rules.
A TLC Manager to which a Failover Manager has been assigned.
On this page, you can manage the user accounts, user groups, permissions, and Global Settings for your TLC environment.
A type of Task that performs an administrative operation on specified data in an Event-Management Database. Types of Administrative Tasks include Archive, Copy, and Delete Tasks.
A type of Collector that collects log messages from log-generating applications running on an Axon Agent host system via the Secure Sockets Layer (SSL) protocol.
A type of Collector that collects log messages from Windows Event Logs on Axon Agent systems via the Secure Sockets Layer (SSL) protocol.
A custom variable that represents a partial or complete regular expression.
A type of Administrative Task that moves specified data from one Event-Management Database to another. See also Audit Logger Archive Task.
A Log Source in your TLC environment. See Monitored Assets and Discovered Assets.
Applies configuration properties to an auto-discovered Monitored Asset if the Asset satisfies criteria specified by the rule.
The process by which TLC scans a Manager's Audit Logger File Store to identify the IP addresses of Log Sources in your TLC environment for which Monitored Assets have yet to be created in your TLC Console (a.k.a., Discovered Assets).
A TLC object that may contain one or more Monitored Assets.
The TLC Console component in which you can work with the log messages collected by TLC.
An Audit Logger task that archives log messages identified by specified criteria.
Consists of a series of compressed flat files containing the log messages collected by the Manager from Log Sources, and an index of terms contained in the log messages.
An automated process by which TLC creates a Monitored Asset for an unknown Log Source that generated a log message collected by TLC.
A component of TLC Manager through which Axon Agents deliver log messages to TLC.
A system on which Tripwire Axon Agent for TLC software has been installed.
A type of Collector that listens for log messages from a Check Point Manager.
A type of Collector that gathers log messages from Cisco IDS sensors.
The process of categorizing log messages with Classification Tags.
Defines a string to classify similar log messages stored in the Audit Logger File Store.
A group of Tripwire-defined or user-defined Classification Tags.
A component of the Normalization Engine that standardizes the format of each name-value pair in log messages.
The gathering or receipt of log messages from Log Sources.
A TLC module that gathers or receives log messages from Log Sources.
A type of Layout Panel that displays a diagram of the Log Sources, Collectors, Managers, Audit Loggers, Correlation Engines, and Event-Management Databases in your TLC environment.
In the Configuration Manager, you can create and configure TLC Resources (Monitored Assets, Asset Groups, Managers, Locations, Event-Management Databases), normalization objects (Normalization Rules, Aliases, and Normalized-Message Filters), and correlation objects (Correlation Engines, Rules, Lists, and Actions).
A type of Administrative Task that copies specified data from one Event-Management Database to another.
An event of interest identified by the Correlation Engine.
The examination of Normalized Messages for events of interest, along with the ability to initiate appropriate responses; for example, sending an email notification to specified recipients.
The component of your Primary Manager responsible for identifying events of interest. To correlate events, the Correlation Engine applies Correlation Rules to the Normalized Messages received from the Normalization Engine.
A list of values that may be used to define a condition in a Decision.
Constructed with a flowchart consisting of an Input, Decision(s), and Output(s), a Correlation Rule correlates log messages to identify events of interest.
A command that users can run when they select a field or a row in a table in the TLC Console.
A TLC Console component that presents information about a Manager or Event-Management Database in a Layout.
A type of Collector that gathers log messages from an application that logs to an External Database.
A type of Layout that presents information about the Events in a selected Event-Management Database.
A TLC Console component in which you can review information about Events in Event-Management Databases. Types of Database Viewers include the Event-Database Viewer, IDS-Database Viewer, and Firewall-Database Viewer.
A component of a Correlation Rule, a Decision defines a condition that determines if the rule continues correlating a log message.
A type of Administrative Task that removes specified data from an Event-Management Database.
An Asset identified by the Asset Discovery process.
A Correlation List consisting of items that are automatically updated by TLC when related data is changed on another system; for example, user logins on an Active Directory server.
A type of Action that sends an email notification to specified recipients.
1. Either a log message that a Manager has standardized (i.e. normalized) for use by TLC (a.k.a. Normalized Messages), or an event or vulnerability imported from a scanner. 2. An 'event message' collected from a Log Source.
A type of Database Viewer in which you can query and work with the data in your Event Databases.
An optional component of your TLC environment, an Event-Management Database stores Events. Types of Event-Management Databases include Event Databases, IDS Databases, and Firewall Databases.
A TLC-generated diagram depicting the series of communications between systems involved in two or more Events.
A type of Event-Management Database that stores Events from any Log Source and/or scanner.
To normalize and correlate log messages to identify events of interest, TLC uses the Normalization Rules and Correlation Rules in the Configuration Manager. As appropriate, you may configure your Correlation Rules to save log messages as Events in Event-Management Databases. In the TLC Console, you can then review and query these Events in the appropriate Database Viewer.
A work ticket for an Event in an Event-Management Database.
A TLC Manager that serves as a backup system for another Manager in the event of system downtime.
A type of Collector that gathers log messages from Log Sources that store messages in an ASCII log file.
A type of Database Viewer in which you can query and work with the data in your Firewall Databases.
A type of Event-Management Database that stores Events from firewalls.
A third-party, log-archive tool to which log messages are forwarded by the Log-Message Forwarding feature.
A type of Search Task that queries an Event-Management Database and presents the results in a graph.
1. A Log Source or a system involved in an Event. 2. A system on which TLC Manager, TLC Console, or Event-Management Database software is installed.
A type of Database Viewer in which you can query and work with the data in your IDS Databases.
A type of Event-Management Database that stores Events from IDS and IPS devices.
A TLC Console component in which you can run queries with conventional utilities to gather information about Hosts (e.g. NSLookup, Ping, Traceroute, and Whois).
A TLC object that applies highlighting to specified IP addresses when the addresses are displayed in a list in the TLC Console.
1. A customizable configuration of panels containing fields, tables, and/or graphs. 2. The configuration and formatting of a table or Event-Relationship Diagram.
A type of Task that creates a Layout Panel that may be added to a Manager Layout or Database Layout.
A component of a Layout. Types of Layout Panels include Configuration Diagram, Map, Text, Time Graph, and Top Graph.
A type of Search Task that queries an Event-Management Database and presents the results in a table.
A custom category used to classify Monitored Assets by geography.
A TLC feature used to forward copies of log messages to one or more third-party, log-archive tools (known as Forwarding Destinations).
TLC saves collected log messages in the Audit Logger File Store. In the TLC Console's Audit Logger, you can review and query the log messages in the file store.
A data record generated by a Log Source and collected by TLC.
Any log-generating application, operating-system service, database instance, or device from which TLC collects log messages.
A type of Layout that presents information about 1) a selected Manager’s system resources and configuration, and 2) the log messages collected by the Manager's Collectors.
A type of Layout Panel that displays the geographic locations of IP addresses on a map.
An object in the TLC Configuration Manager that represents a Log Source from which TLC collects log messages directly.
A type of Collector that listens for Syslog and SNMP-based log messages from network devices.
The process of standardizing log messages for use by TLC. Standardized messages are known as Normalized Messages.
The component of your Primary Manager responsible for normalizing log messages.
Defines a regular expression that can be used to normalize log messages generated by a specific type of Log Source.
A field in a Normalized Message.
A TLC object that defines one or more conditions to prevent TLC from forwarding some log messages to one or more specified Event-Management Databases or Correlation Engines.
A log message that has been normalized by TLC.
A type of Action that creates a Notification in the Notifications dialog of the TLC Console.
A type of Collector that gathers log messages from Oracle database audit logs.
Assigned to a Monitored Asset, an Output Destination is either the Audit Logger, an Event-Management Database, or a Correlation Engine that correlates Normalized Messages.
A component of the Normalization Engine that parses each name-value pair in log messages.
Each TLC environment has a single Primary Manager that controls:
1. The storing of log messages in the Audit Logger File Store and Events in Event-Management Databases,
2. The configuration settings for your TLC environment, and
3. User access and license management for TLC.
A TLC Console component that displays log messages as they are collected by TLC.
A type of Search Task that queries an Event-Management Database and compiles the results in a PDF report file.
A device that monitors systems in your TLC environment (for example, a vulnerability scanner).
An Event created when you import data from a scanner to an Event Database.
Created in the Task Scheduler, a Scheduled Task defines a schedule for TLC to run:
1. A Copy Task, Delete Task, Archive Task, or Report Task.
2. A Saved Query that generates an Audit Logger Report.
A type of Action that runs a Windows command.
A type of Task that performs a query of data in an Event-Management Database. Types of Search Tasks include List, Graph, and Report Tasks.
Your TLC environment may also include one or more Secondary Managers that may be configured to either:
1. Store log messages (as with a Primary Manager), or
2. Forward log messages to another Manager.
A type of Action that sends a Syslog message to a specified Syslog server.
Installed on your Primary Manager, the System Database stores a record of all user logins and logouts, as well as all TLC objects defined in the TLC Console; for example, Monitored Assets, Normalization Rules, and Event Tickets.
A type of Administrative Task that removes specified data from the System Database.
Created and configured in the Task Manager, a Task queries Events, Hosts, or Scanner Events in an Event-Management Database to perform an operation. Types of Tasks include Layout-Panel, Administrative, and Search Tasks.
A type of Layout Panel that presents data in a table.
The TLC Console component that is a complete ticketing and incident-handling system.
A type of Layout Panel that presents a timeline of log messages or Events in a graph.
1. Tripwire LogCenter Console is the software for the TLC graphical user interface (GUI), or
2. The Tripwire LogCenter GUI. Through the TLC Console, you can configure TLC, oversee your TLC environment, and manage log and event data.
A system on which TLC Console software has been installed.
Consists of all TLC software, Managers, Log Sources, Monitored Assets, Collectors, and data in your TLC installation.
Tripwire LogCenter Manager is the core software in your TLC environment. TLC Manager collects and processes log messages from a wide variety of systems and devices.
The graphical user interface (GUI) for TLC Manager.
A type of Layout Panel that displays the Top N items in a graph or chart.
A service that may be installed on a Windows, AIX, or Linux system to collect log messages from any log-generating application running on the system. When installed on a Windows system, this service can also collect the system's Windows Event Logs via the Secure Sockets Layer (SSL) protocol.
A TLC object that provides a user with a collection of User Permissions to work with TLC.
A collection of User Accounts.
A system authorization that enables a user to view, create, or otherwise modify data in TLC.
A potential security weakness identified by a vulnerability scanner. In an Event Database, you can import or collect vulnerabilities detected by a scanner.
An event imported from a vulnerability scanner.
A type of Collector that collects log messages from Windows Event Logs via the Windows Management Instrumentation (WMI) protocol.