Allowlist Settings

From the Allowlist Settings page, you can manage many aspects of State Analyzer:

  • On the Display Types tab, you can import existing Allowlist files, export Allowed Items and Allowlist Assessments, and show or hide Allowlist Types.
  • On the Preferences tab, you can configure preferences for the whole product, or for individual Allowlist Types.
  • There are also Attributes tabs for each type of Allowlist. From these tabs, you can manage the Attributes for the corresponding Allowlist. If you don't see a tab for a specific Allowlist Type, you may need to enable it from the Display Types tab.

Display Types tab

Use the Display Types tab to control the types of data displayed in State Analyzer, and to import and export Allowlist data.

  1. Navigate to State Analyzer > Allowlist Settings and click the Display Types tab.
  2. Select one or more Allowlist Types to modify and click Enable or Disable.

    Disabling an Allowlist Type just hides it on the Allowed Items or Allowed Settings pages. Any data for that Allowlist is preserved.

  3. To verify, navigate to State Analyzer > Allowed Items, and confirm that the Allowlist Type tabs are visible or hidden.

Allowlist files can be imported from the Whitelist Profiler App or from files exported from TSA. For more information about the format of CSV Allowlist files, see the Allowed Items CSV File Reference.

  1. Navigate to State Analyzer > Allowlist Settings and click the Display Types tab.
  2. Click IMPORT EXISTING ALLOWLIST FILES.
  3. Complete the Import Allowlist Files panel:
    1. From the Allowlist Type drop-down, select an Allowlist Type to be imported.
    2. Click ADD FILE and select a CSV file to import.

      Tips:  

      Whitelist CSV files from the WLP App are in the following directory:
      <wlp_root_dir>/whitelists

      The maximum size for each imported CSV file is 10MB, with a limit of 2048 characters per field.

    3. Verify that the file you chose is added to the Selection list.
    4. Repeat the steps above for each Allowlist file to be imported.
    5. Click IMPORT.
  4. Confirm that the data was imported successfully:
    1. Navigate to State Analyzer > Allowed Items.
    2. Check the tabs on the Allowed Items page to verify that your data was added.

For information about the format of CSV Allowlist files, see the Allowed Items CSV File Reference.

  1. Navigate to State Analyzer > Allowlist Settings and click the Display Types tab.
  2. Click EXPORT, then select a format for the export file from the dropdown.
  3. In the Export pane, specify the types of data to be exported:
    1. From the Allowlist Type drop-down, select one or more Allowlist Types to be exported.
    2. Specify whether Allowed Items and/or Allowlist Assessments should be exported.

      Note:  

      Filters on the Allowed Items or Allowlist Assessment pages are ignored when exporting from the Allowlist Settings page.

    3. Click EXPORT.

Preferences tab

From the Preferences tab, you can configure many aspects of Tripwire State Analyzer. These settings apply to all TSA users.

Note:  

Changes to settings made here aren't implemented until the next time TSA runs an Allowlist Assessment.

  • Basic Preferences control basic Tripwire State Analyzer behavior.
  • Report Preferences control the format of Tripwire Enterprise report output.
  • Export PDF Preferences control formatting for exported PDF files.
  • Other Preferences are specific to each type of Allowlist Item.

Attributes tabs

The Allowlist Settings page has an Attributes tab for each type of Allowlist (Group Memberships, Open Ports, Routes, etc.). Attributes are fields that are used to describe Allowed Items. Each type of Allowlist has a different set of Attributes, which may be system-defined or user-defined.

  • System-Defined Attributes are created by TSA and cannot be deleted by users. During an Allowlist Assessment, TSA compares TE element data to System-Defined Attributes to create a list of Authorized, Unauthorized, and Unused Items.
  • User-Defined Attributes are custom attributes in TSA that are recorded in the TE elements that TSA writes to after each assessment. These Attributes are not validated during an Assessment. When first installed, TSA has several “user-defined” attributes (for example, Justification) which can be used or deleted as desired.

Each Attributes tab displays system-defined and user-defined Attributes for that type of Allowlist. Click on an Attribute in the table to view detailed information.

Tip:  

If you don't see an Attributes tab for a specific Allowlist Type, you may need to enable it from the Display Types tab.

  1. Navigate to State Analyzer > Allowlist Settings and select the tab for the Allowlist Type you want to add an Attribute for.
  2. Click NEW ATTRIBUTE.
  3. In the New Attribute pane, enter values for the Attribute. Starred fields are required.
    • If Is Enabled is selected, this Attribute is visible for new and existing Allowed Items.
    • If Show Content in TE? is selected, this Attribute is visible in TE element content.
    • If Is Required is selected, a value must be specified for this Attribute when creating new Allowed Items.
  4. Click Save to save the new Attribute.
  1. Navigate to State Analyzer > Allowlist Settings and select the tab for the Allowlist Type with the Attribute you want to modify.
  2. Select one or more Attributes and select one of the following:
    • Edit: You can only edit one Attribute at a time.
    • Delete: Only User-defined Attributes can be deleted. If you delete an Attribute, existing data for this Attribute will be preserved in element versions, but the Attribute will not appear in future versions.
    • Enable/Disable: Show or hide this Attribute for new and existing Allowed Items.
    • Show/Hide: Show or hide this Attribute in TE element content.

A matching strategy specifies how TSA compares the scanned value received from TE against the value stored in the Allowlist Item during an Allowlist Assessment. Changing an Attribute's matching strategy can have a dramatic effect on the results of an Assessment.

  1. Navigate to State Analyzer > Allowlist Settings and select the tab for the Allowlist Type with the Attribute you want to modify.
  2. Select a System-Defined Attribute and click Edit.
  3. Select the new Matching Strategy from the dropdown list:
    • Equals: Returns a match if the two values are identical.
    • EqualsIgnoreCase: Returns a match if the two values are identical, but will ignore differences in capitalization and still return a match.
    • Contains: Returns a match if the value from the Allowlist completely or partially shares the value from TE.
    • Not Equals: Returns a match if the value from TE does not share the same value from the Allowlist.
    • Not Contains: Returns a match if the value from TE does not partially include the value from the Allowlist.

    Note:  

    If an Attribute in an Allowed Item uses a regular expression, TSA ignores the matching strategy for that Attribute and evaluates the element data against the regular expression instead.

  4. Click Save.

Any changes in the matching strategy won't be reflected until the next time an Assessment that uses the Allowlist runs.