NNT Change Tracker Gen 7 has been designed to be simple to set up and use. This is a key differentiator from more cumbersome legacy products such as Tripwire® Enterprise, which rely on complex combinations of Tasks, Actions, Rules and Policies, all with regular expression pattern matches to configure.

The beauty of Change Tracker Gen 7 is that all the most common monitoring and reporting tasks are pre-packaged and automatically assigned to devices based on an intelligent discovery process.

Forensic-level file integrity monitoring is essential for effective breach detection and change control, but it has traditionally come at a price: unwanted Change Noise.

It is therefore necessary to employ techniques that exclude files/paths which generate change noise, or that filter out changes from specific files or file types. Change Tracker Gen 7 makes this easy by providing a range of Built-in Changes Filters and File/Path Match Filters. Using these should cover the vast majority of common requirements. For example, the System File FileMatch Filter comprises the following settings:

Any Folder, with Unlimited Recursion, matching on a Wildcard basis *.exe or *.sys or *.dll or *.drv

 

The File/Path Match filter works in conjunction with the Tracked Attributes/Change Type Filter to give you fine-grained control over which changes you track. Likewise, you can then layer in an Exclusions specification that is merged with the Inclusion rules, so that you see just the changes you want and exclude the change noise.

Finally, you can use the Gen 7 UI to create new Custom Pathmatch Definitions.

 

Custom Planned Change Rules – Conditional Classification of Planned Changes

If the previous range of options doesn’t give you what you are looking for, you can bring into play a more precise evaluation of changes to further manage the changes detected.

For example, where we want to detect changes to a file but only when specified conditions are met, including:

  • Accept a change made by a specified user
  • Accept a change made by a specified process
  • Accept a change if it is anything other than a deletion
  • Accept a change if it is a file length increase

 

Or in fact, any combination of logic can be applied to a huge range of Device Event Change Attributes, including:

Files: FileHash value or File Permissions can change to specified values only

Network Port Tracker: Open TCP Port changes can be within the Ephemeral/Dynamic Port Range

Installed Software: Version number must be greater than a minimum level

Security Policy Tracker: Allow specific policy settings to change, but no others

Database Tracker: Table Owner must not change, other attributes can

 

Example of a Custom Planned Change Rule to accept changes made by the user account NT Authority\System, i.e. the built-in Windows service account used for automated Windows Updates. Any changes made by other user accounts are flagged as Unplanned for investigation.

The earliest two changes were invoked by the NT Authority\System account – the PowerShell Web Access feature was added using Server Manager. However, the other changes were made using a regular User Account and as such end up as Unplanned Changes.
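The filtering and classification logic described above can be sketched in a few lines. This is an added illustration, not NNT Change Tracker code or rule syntax: the event and rule shapes, the excluded path, the "exclusions win" ordering and the sample events are all assumptions, while the wildcards and the NT Authority\System condition come from the text.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from ntpath import basename  # parses Windows paths on any OS

INCLUDE = ("*.exe", "*.sys", "*.dll", "*.drv")   # wildcards quoted on the page
EXCLUDE = (r"c:\windows\temp\*",)                # assumed noisy path (hypothetical)

@dataclass(frozen=True)
class ChangeEvent:             # hypothetical event shape
    path: str
    user: str
    change_type: str           # "created", "modified" or "deleted"

@dataclass(frozen=True)
class PlannedRule:             # hypothetical rule shape
    users: frozenset           # accounts whose changes count as planned
    allow_delete: bool = True  # False: accept anything other than a deletion

    def accepts(self, ev):
        if ev.user.lower() not in self.users:
            return False
        return self.allow_delete or ev.change_type != "deleted"

def in_scope(path):
    """Assumed merge order: exclusions win; matching is case-insensitive."""
    p = path.lower()
    if any(fnmatchcase(p, pat) for pat in EXCLUDE):
        return False
    return any(fnmatchcase(basename(p), pat) for pat in INCLUDE)

def classify(ev, rule):
    if not in_scope(ev.path):
        return "filtered"      # change noise, never reaches the rule
    return "planned" if rule.accepts(ev) else "unplanned"

SYSTEM_ONLY = PlannedRule(users=frozenset({r"nt authority\system"}))
SYSTEM_NO_DELETE = PlannedRule(users=frozenset({r"nt authority\system"}), allow_delete=False)

# Constructed sample events, not output from any product.
EVENTS = [
    ChangeEvent(r"C:\Windows\System32\example.dll", r"NT AUTHORITY\SYSTEM", "modified"),
    ChangeEvent(r"C:\Windows\System32\example.dll", r"CORP\jsmith", "modified"),
    ChangeEvent(r"C:\Windows\Temp\setup.exe", r"CORP\jsmith", "created"),
    ChangeEvent(r"C:\Windows\System32\drivers\example.sys", r"NT AUTHORITY\SYSTEM", "deleted"),
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(classify(ev, SYSTEM_ONLY), classify(ev, SYSTEM_NO_DELETE), ev.path)
```

A rule keyed only on the account accepts every in-scope change made under that account, which is why the second rule adds the "anything other than a deletion" condition: the driver deletion by SYSTEM is planned under the first rule and unplanned under the second.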

 

NNT has a range of training and managed service offerings to help you get the most of your solution.
Copyright 2017, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.