As we know, Tripwire Enterprise
(TE) is the de-facto go-to solution for File Integrity Monitoring
(FIM). In normal operations, we deploy a TE agent to a system we want to monitor. TE then uses that agent to baseline the system against the appropriate rules, creating a known good state for that system. Moving forward, that system is monitored for change per the rules that were used to create the baseline. The list of supported operating systems for a given version of TE is fairly extensive, so most of what I may want to run in my datacenter will be supported.Agent-Based vs. Agentless MonitoringNotice that I said “most” above and not “all.” This distinction is important because I’m not using an agent for everything. Agents sit on external devices that require O/S compatibility, notes Security Boulevard
. As a result, my ability to scan some of my assets using agents is limited.So, I might decide to go the agentless route. Doing so could allow me to conduct those assessments without needing to worry about compatibility issues. There’s a host of other security
reasons that could motivate me to make this choice, as well.That raises an important question: can I still use Tripwire Enterprise
for agentless monitoring? How do you enforce FIM on operati ..