Tripwire Customer Center

Alerts & Announcements

Alerts

There are no alerts at this time.

Announcements
Tripwire Log Center July 2020 Content Update - Now Available
Tripwire is pleased to announce this Tripwire Log Center Content update for July 2020. This release includes new and updated Normalization Rules to increase the amount of supported devices and provide additional coverage for existing ones.
HIGHLIGHTS IN THIS RELEASE
  • New and updated Normalization Rules to expand coverage for:
    • Tripwire Industrial Visibility 4.1.1.
    • Tripwire Industrial Sentinel 4.1.1.
    • Hirschmann Classic L29.
    • VMware ESXi 6.5.0.
    • Red Hat Ansible Tower 3.6.0.
    • Sophos XG Firewall and Antivirus.
  • Expanded coverage and performance improvements for Microsoft Windows-based normalization rules.
  • New and updated Normalization Rules for additional devices based on customer requests.
You can download this Content update directly from your TLC Console or from the Tripwire Customer Center.
Note: Tripwire Log Center versions prior to 7.4.4 have an issue with downloading TLC updates and Content directly from the Console. If you are affected by this problem, please retrieve the latest release and/or Content from the Tripwire Customer Center.
Tripwire File Analyzer 2020Q3.2.1 - Now Available

Tripwire is pleased to announce the release of Tripwire File Analyzer (TFA) 2020Q3.2.1 formally known as Threat Intelligence Integration (TII).


This release is primarily focused on usability and bug fixes with no new threat/reputation provider support.


HIGHLIGHTS

  • Added TRACE verbosity level to the logs.
  • Added friendly names for options/settings in the Wizard menu.
  • Added logic to retry failed connections. The number of retries can be configured in the Wizard > Configure > General menu.
  • Made multiple improvements to log messages.
  • Improved the verbiage and layout of the Wizard Status menu.
  • Improved Scrolling/Input logic for the Wizard Install/Update EULA forms.
  • Fixed an issue where the wizard would show an exception in certain situations.


For more information about this release please refer to the documentation inside the TFA download package.

Tripwire Enterprise 8.8.4 - Upgrade Issue

A problem has been discovered in Tripwire Enterprise 8.8.4 that can affect upgrading from previous versions of TE. During the database schema migration phase of the upgrade process, the migrator may cause a database exception because it attempts to add a column that already exists to the tdc_web_retreiver and/or tdc_webscript_retreiver table. This does not happen in all circumstances and will not affect new installs, only upgrades.

If this issue occurs, the TE console upgrade will fail. A message such as the following will appear in the teserver.log:

java.sql.SQLException: SQLException executing 'ALTER TABLE tdc_web_retriever ADD f_timeout INT': Column names in each table must be unique. Column name 'f_timeout' in table 'tdc_web_retriever' is specified more than once.

Because of this issue, we will be recalling the TE 8.8.4 console installers from the Customer Center and reissuing updated installers as soon as a fix is available.

If you find that you are affected by this issue, there is a workaround to allow the upgrade to proceed and complete. The column f_timeout needs to be dropped (if it exists) from the tdc_web_retreiver table and the tdc_webscript_retreiver table in the Tripwire Enterprise backend database, then restart the Tripwire Enterprise server service.

If restarting the TE service proves insufficient, the migrators can be re-run manually after dropping the columns with the following command:

<TE_HOME>/bin/tetool run com.tripwire.space.migration.SpaceMigrator

Tripwire IP360 x800 VnE Series
Tripwire IP360 x800 VnE Manager series is now available
Tripwire is pleased to announce the new x800 series of the IP360 Vulnerability and Exposure Manager (VnE) appliance. The Tripwire VnE Manager 1800 and 5800 are hardened industrial-grade servers utilizing a high performance processor architecture – including Intel Xeon processors, RAID-based hard disk storage, and integrated Ethernet communication. The VnE 1800 offers an Octa-Core Xeon 2.1GHz processor and 2TB of RAID storage, while the 5800 includes 2 Octa-Core processors and 4TB of storage. Both incorporate two 10G and two 1G Ethernet network interface adapters. The VnE can control and manage multiple IP360 Device Profiler (DP) appliances, and allows customers to configure and manage vulnerability scans, and to access, analyze, and manage stored scan data. The IP360 VnE Manager 1800 and 5800 are available for immediate purchase.
Tripwire Enterprise Console 8.8.4 & TE Axon Agent 8.8.3.1 - NOW AVAILABLE
Tripwire is pleased to announce this new release of Tripwire® Enterprise.

Tripwire Enterprise 8.8.4 adds the ability to perform Automated Remediation, as well as check single elements within a rule rather than a whole rule, with TE Axon agents from the TE console.

This new release of the Axon agent adds Debian 10.4 support as well as a number of bug fixes. Please note that this release of the Axon agent is compatible with any version of the TE Console 8.8.3 or later.

This release includes security enhancements, please refer to the release notes for more detail. Tripwire recommends upgrading to this release in order to maintain a more secure deployment.

HIGHLIGHTS

Automated Remediation with Axon Agents
TE 8.8.4 now allows for Axon agents to be used in an Automated Remediation workflow. The same remediator scripts and approval workflow that is used for Tripwire Enterprise agents can now be used on nodes with TE Axon 8.8.3.1 agents.

Single-Element Checking with Axon Agents
The TE 8.8.4 release also adds the ability to check individual elements within a rule with TE Axon agents. This will make prototyping and testing rules with Axon agents much easier and quicker from the TE console, as only the affected elements need to be re-checked.

TE Console Changes
The TE 8.8.4 release includes the following fixes:
  • Added support for automated remediation on Axon Agent systems.
  • Axon Agents now support checking specific elements when initiating a version check from the Node Manager.
  • Resolved multiple errors related to TE user management using LDAP/Active Directory.
  • Resolved an issue when processing backslash characters in Active Directory usernames.
  • Resolved an issue with the Compact Element Versions task that prevented removal of element data.
  • Resolved an issue with importing FastTrack content in a Japanese locale.
  • Resolved a parser error that prevented import of some policy tests.
  • Removed a log entry from the Security Audio Log for LDAP-related messages.
  • Resolved an error when migrating an SQL Server backend database.
  • Added a link to promote cloud-based reporting for TE users.
  • Updated to Netty-3.6.3-Final to address CVE-2015-2156, CVE-2019-10797, CVE-2019-16869, and CVE-2019-20444.
  • Updated Spring-core-4.3.2.RELEASE to address CVE-2016-9878, CVE-2018-11039, and CVE-2018-11040.

TE Axon Agent Changes
The TE Axon 8.8.3.1 release includes the following fixes and security enhancements:
  • Added support for automated remediation on Axon Agent systems.
  • Axon Agents now support checking specific elements when initiating a version check from the Node Manager.
  • Improved management of events to reduce resource consumption.
  • Resolved crashing issue when installing on Windows 10 systems with Device Guard.
  • Removed the requirement to run teauditconfig after installing Axon Agent on AIX systems.
  • Resolved multiple issues related to the shutdown of Axon Agents.
  • Improved tesvc logging.
  • Added Tripwire Axon Agent platform support
    • ​​​​​​​Debian 10.4 (x86_64)
Tripwire Whitelist Profiler 2020Q2.5.6 - NOW AVAILABLE

Tripwire is pleased to announce the latest release of Tripwire® Whitelist Profiler (WLP). WLP 2020Q2.5.6 is a feature release providing new platform support, helpful options, and additional fixes and improvements.


HIGHLIGHTS

Configurable severity levels for output rule elements

Tripwire Enterprise (TE) now uses the default severity level of your output rules when assigning severity levels to change versions created by WLP. This allows you to designate the relative significance of changes to output rule elements (which contain the WLP report output), integrating them with your change management process. If you have no need to do so, WLP will continue to behave as before.

Optionally exclude 'Process ID' field from FIM report output

Tired of reviewing unhelpful changes to a node's open ports FIM report output due to changing process IDs? Now you have the option to exclude them.

New platform support for Agent-based whitelisting

This release adds Agent-based whitelisting support for a number of new platforms. WLP now supports whitelisting of open ports, services, software, and users for each of the following Agent-based platforms (unless otherwise indicated):

  • CentOS 6, 7, and 8
  • Debian 10
  • Oracle Linux 6, 7, and 8
  • Oracle Solaris 11.4
  • Red Hat Enterprise Linux (RHEL) 8
    • Also supports whitelisting of routes
  • SUSE Linux Enterprise Server (SLES) 12 and 15

Notable Changes

This release also includes several notable changes, from fixes to enhancements. Please refer to the release notes for the comprehensive list and specific details.

Note: Due to a change in the REST API for TE Console 8.8.4, you must upgrade WLP to this version (2020Q2.5.6) in order to continue whitelisting by saved filter. If you do not employ saved filters to scope your whitelist records to nodes and have no plans to, upgrading WLP is highly encouraged but not required.

This release includes security enhancements, please refer to the release notes for more detail. Tripwire recommends upgrading to this release in order to maintain a more secure deployment.


Tripwire Whitelist Profiler 2020Q2.5.6 is available for download from the Tripwire Customer Center in the APPS section of the Tripwire Enterprise product download page.


For complete information on this release and additional important details, see the release notes available as an HTML document in the WLP installation package.

Tripwire Log Center 7.4.5 - Now Available

This release includes security enhancements. Please refer to the release notes for more detail. Tripwire recommends upgrading to this release in order to maintain a more secure deployment

Tripwire is pleased to announce the latest release of Tripwire Log Center. This release includes the latest version of the Axon Access Point which addresses several vulnerabilities by integrating updated components. This release also supports configuration Location-based data retention policies via Audit Logger archive tasks, the ability to manually start the failover process, as well as cumulative fixes and enhancements based on customer issues and requests.

HIGHLIGHTS IN THIS RELEASE

  • The latest version of the Axon Access Point, which includes supportability improvements, and addresses several vulnerabilities found in previous versions. For the complete details, please review the Release Notes document.
  • The ability to manually start the Failover process in case of planned downtime, to minimize log collection gaps.
  • The ability to specify a Location when working with Audit Logger Archive Tasks, allowing you to segment your data retention policies per Location and enforcing granular permissions
  • In order to maintain stable performance of the configuration database without having to restart the TLC Manager service, the defragment process is now executed during push updates, preventing log collection gaps.

You can download the latest release from the Tripwire Customer Center.

Note: Versions prior to 7.4.4 have an issue with downloading TLC updates and Content directly from the Console. If you are affected by this problem, please retrieve the latest release and/or Content from the Tripwire Customer Center.

Tripwire Configuration Manager Summer 2020 Release

Tripwire Configuration Manager Summer 2020 Release

Tripwire is pleased to announce the initial release of Configuration Manager, which is the newest addition to the Tripwire SaaS platform hosted at Tripwire.io.

This first release of Configuration Manager allows users to scan their Cloud Service Provider accounts to determine whether they are configured securely, and even automate the remediation of some types of insecure configurations.

HIGHLIGHTS

  • Amazon Web Services (AWS) CIS Configuration Monitoring

    • Determine the current state of an AWS account’s configuration, and compare against the foundational aspects of account security, as detailed in the CIS AWS Foundations Benchmark.

  • Automated Enforcement

    • Minimize human error through automated configuration policy enforcement. Manual remediation details are available, and AWS CLI commands are available where applicable. Wherever possible, we’ve also enabled the user to “Fix Now” with a single button push, or to automatically fix issues in the future if they are insecure in a future scan.

  • Fast AWS External Account Setup

    • Using the AWS Launch Stack feature, we’re able to set up a new account for monitoring in a few clicks in under 5 minutes. The External access method allows us to access an AWS account without storing credentials or access keys that a user needs to rotate.

  • Prioritized Risk Scoring

    • Fix your highest-risks first using prioritized risk scoring for all unresolved misconfigurations.

  • Tripwire Connect SCM Reporting

    • Get all of your Tripwire secure configuration reporting in one place with Connect. Configuration Manager uses the same SCM reports available for TE Policy data, so that you can use a single interface, set of dashboards, and familiar reports across products.

Tripwire IP360 9.1.4 is now available
Tripwire is pleased to announce the release of IP360 9.1.4. This IP360 maintenance release includes a number of fixes for customer reported issues as well as security enhancements and updates to third party components. Additionally, the IP360 Amazon Web Services offering has been updated and now supports AWS Transit Gateway connections.

The Tripwire IP360 9.1.4 release is available for customers in the downloads section of the Tripwire Customer Center.
Tripwire Dynamic Software Reconciliation 2020Q2.6.1 - NOW AVAILABLE

Tripwire is pleased to announce the latest release of Tripwire® Dynamic Software Reconciliation (DSR). DSR 2020Q2.6.1 is a maintenance release providing several improvements and defect fixes.


HIGHLIGHTS

  • Fixed: In some instances, the Windows build of DSR could prematurely fail with “Out of memory!”. The memory limitation causing this issue has been resolved.
  • Fixed: When reconciling Debian assets, DSR could fail with “'active-repos' contains no data”. Furthermore, there were some cases in which DSR was unable to process Debian packages maintained by the Debian security/update team. Both of these issues have been addressed!
  • Fixed: DSR would previously fail with “Can't locate utf8_heavy.pl in @INC” when it encountered Unicode characters. DSR can now “speak” Unicode fluently.
  • Fixed: During installation, a 0 will no longer be inserted into “dsr_windows_updates.xml”.
  • Changed: Files and directories installed on Red Hat Enterprise Linux now have more secure owner-only permissions.
  • Changed: The DSR installation package and installed files/directories have been streamlined to improve organization and remove unneeded files.

Note: This release does contain changes that are security-related.


Tripwire Dynamic Software Reconciliation 2020Q2.6.1 is available for download from the Tripwire Customer Center in the APPS section of the Tripwire Enterprise product download page.


For complete information on this release and additional important details, see the release notes available as an HTML document in the DSR installation package. For information about configuring and using the software, see the Tripwire Dynamic Software Reconciliation Implementation Guide available as a PDF document in the /docs directory of the DSR installation package.