Getting Started with Configuration Manager

Tripwire Configuration Manager is the cloud configuration and automation module of Tripwire.io, the Tripwire SaaS platform. With Configuration Manager, you can:

• check AWS, Azure, and Google Cloud accounts against Center for Internet Security (CIS) Foundations Benchmarks to make sure your accounts are secure and using industry best practices
• track your cloud storage inventory to see which data is public and private
• automate responses to misconfigurations or unwanted changes in privacy settings

Step 1: Create a Cloud Account or Use a Demo Account

A Cloud Account is an AWS, Azure, or Google Cloud environment that Configuration Manager monitors.

To create a Cloud Account, you need to enter account credentials or provide other access so that Configuration Manager can monitor the account. Read here for specific information required for each type of account.

Step 2: Run a Scan

1. After configuring an account, click Cloud in the sidebar and select the Schedule tab at the top.

2. Click New and configure a new scan:

   1. Enter a Name and Description.
   2. Under Account Selection, select the Cloud Account you just created.
   3. Under Evaluation, select a Policy that matches that account to use for the scan.
   4. For Schedule Details, select Now.
   5. Select any Email Notifications you want to enable for this scan.

3. Click Save to create the new scan and run it immediately.

Step 3: Review the Results

1. After the scan is complete, click Policy Results at the top of the dashboard to see the results.

   The right pane of the Policy Results tab shows a prioritized list of Issues to be resolved, filtered by the Accounts and Policies in the current view. By resolving these issues, you can improve your overall compliance score.

2. In the Issues section on the right, click Show issues with Fix Now button. This filters the list to Issues that Configuration Manager can fix automatically.

3. Click the link for the top Issue to see more details.

   Each Issue includes a description, status and evaluation time, and you can click Remediation Instructions to see manual remediation steps for the Issue.

   The code block under the Remediation Instructions shows the specific Policy Scan results that failed.

Step 4: Start Fixing Things

1. In the Fix Account section, decide how to resolve the Issue for this account:
   • Click Run Fix Now to immediately fix this Issue. After resolving the Issue, Configuration Manager will scan the account again to confirm that it has been fixed.
   • Select Fix automatically in future and then Save Automatic Fix to automatically fix the Issue when a future scan detects it on this account. You can then click Run Fix Now to also fix it immediately as above.

   Note:	When you click Save Automatic Fix for an Issue, Configuration Manager creates a Response, an automated resolution to a specific Issue that can then be applied to other Cloud Accounts. To see available Responses, click Responses at the top of the dashboard.

   Some Issues have configurable Fix Options (for example, a password length or time period) that enable you to enforce organizational policies that are more restrictive than the policy used in the scan.

2. Repeat the process above to address any other "Fix Now" Issues with your account. Then use the Remediation Instructions in the remaining Issues to resolve problems that need to be fixed manually.

   You will need to re-run Scans after manually resolving Issues to update your compliance scores.

Next Steps

• If you haven't already, create recurring Scans (on the Schedules tab) to keep your accounts in compliance.
• Use the Inventory tab to check the privacy status of your cloud storage.
• Add any other Cloud Accounts you want to monitor.
• Advanced users can customize the Rules and Policies used to monitor Cloud Accounts.