NNT Change Tracker Gen 7 has been designed to be simple to set up and use. This is a key differentiator from more cumbersome legacy products such as Tripwire® Enterprise, which rely on complex combinations of Tasks, Actions, Rules and Policies, all with regular expression pattern matches to configure.

The beauty of Change Tracker Gen 7 is that all the most common monitoring and reporting tasks are pre-packed and automatically assigned to devices based on an intelligent discovery process.

Forensic-level file integrity monitoring is essential for effective breach detection and change control, but it has traditionally come at a price: unwanted Change Noise.

It is therefore necessary to employ techniques that exclude files/paths that generate change noise, or filter out changes from specific files or file types. Change Tracker Gen 7 makes this easy by providing a range of Built-in Changes Filters and File/Path Match Filters. Using these should cover the vast majority of common requirements. For example, the System File FileMatch Filter comprises the following settings:

Any Folder, with Unlimited Recursion, matching on a Wildcard basis *.exe or *.sys or *.dll or *.drv

The File/Path Match filter works in conjunction with the Tracked Attributes/Change Type Filter to give you fine-grained control over which changes you track. Likewise, you can layer in an Exclusions specification that is merged with the Inclusion rules, giving you just the changes you want to see and excluding the change noise.

Finally, you can use the Gen 7 UI to create new Custom Pathmatch Definitions.

Custom Planned Change Rules – Conditional Classification of Planned Changes

If the previous range of options doesn’t give you what you are looking for, you can bring precise, conditional evaluation of changes into play to further manage the changes detected.

For example, we may want to detect changes to a file, but only when specified conditions are met, including:

  • Accept a change made by a specified user
  • Accept a change made by a specified process
  • Accept a change if it is anything other than a deletion
  • Accept a change if it is a file length increase

 

Or in fact, any combination of logic can be applied to a huge range of Device Event Change Attributes, including:

  • Files: FileHash value or File Permissions can change to specified values only
  • Network Port Tracker: Open TCP Port changes can be within the Ephemeral/Dynamic Port Range
  • Installed Software: Version number must be greater than a minimum level
  • Security Policy Tracker: Allow specific policy settings to change, but no others
  • Database Tracker: Table Owner must not change, other attributes can

 

Example of a Custom Planned Change Rule to accept changes made by the User Account NT Authority\System, i.e. the built-in Windows service account used for automated Windows Updates. Any changes made by other user accounts are flagged as Unplanned for investigation.

The earliest two changes were invoked by the NT Authority\System account – the PowerShell Web Access feature was added using Server Manager. However, the other changes were made using a regular User Account and as such end up as Unplanned Changes.
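
The filter-then-classify logic described above, modelled in Python as an added illustration; it is not Change Tracker's rule syntax or code. The excluded folder, the CORP\jsmith account and the event dictionaries are constructed assumptions, and the rule combines two of the listed conditions (specified user, anything other than a deletion).

```python
from fnmatch import fnmatchcase
from ntpath import basename

# Wildcards from the System File match filter quoted above.
SYSTEM_FILE_PATTERNS = ("*.exe", "*.sys", "*.dll", "*.drv")
# Hypothetical exclusion for a noisy folder (assumption for this example).
EXCLUDED_PATHS = (r"c:\windows\temp\*",)
# Accounts whose changes the rule accepts, compared case-insensitively.
PLANNED_USERS = {r"nt authority\system"}


def is_tracked(path):
    """Inclusion wildcards on the file name in any folder, minus exclusions."""
    lowered = path.lower()
    if any(fnmatchcase(lowered, pat) for pat in EXCLUDED_PATHS):
        return False
    return any(fnmatchcase(basename(lowered), pat) for pat in SYSTEM_FILE_PATTERNS)


def classify(event):
    """Return None (filtered out as noise), 'Planned' or 'Unplanned'."""
    if not is_tracked(event["path"]):
        return None
    by_planned_user = event["user"].lower() in PLANNED_USERS
    not_a_deletion = event["change"] != "deleted"
    return "Planned" if by_planned_user and not_a_deletion else "Unplanned"


# Constructed sample events; field names and values are illustrative only.
EVENTS = [
    {"path": r"C:\Windows\System32\drivers\example.sys",
     "user": r"NT AUTHORITY\SYSTEM", "change": "modified"},
    {"path": r"C:\Program Files\App\app.dll",
     "user": r"CORP\jsmith", "change": "modified"},
    {"path": r"C:\Windows\Temp\setup.exe",
     "user": r"NT AUTHORITY\SYSTEM", "change": "created"},
    {"path": r"C:\Logs\app.log",
     "user": r"CORP\jsmith", "change": "modified"},
    {"path": r"C:\Windows\System32\example.dll",
     "user": r"NT AUTHORITY\SYSTEM", "change": "deleted"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(classify(ev), ev["path"], ev["user"], ev["change"])
```

The exclusion is evaluated before the inclusion wildcards, so a SYSTEM-created executable in the excluded folder never reaches the rule, while a SYSTEM deletion of a tracked DLL is still raised as Unplanned.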

 

NNT has a range of training and managed service offerings to help you get the most out of your solution.
Call (844) 898-8362 or click here to request more information.

Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.