Allowlist Settings

From the Allowlist Settings page, you can manage many aspects of State Analyzer:

On the Display Types tab, you can import existing Allowlist files, export Allowed Items and Allowlist Assessments, and show or hide Allowlist Types. You can also manage Attributes for each Allowlist Type.
On the Preferences tab, you can configure preferences for the whole product, or for individual Allowlist Types.

Display Types tab

Use the Display Types tab to control the types of data displayed in State Analyzer, to import and export Allowlist data, and manage Attributes for each Allowlist Type.

To import existing Allowlist files

Allowlist files can be imported from the Whitelist Profiler App or from files exported from TSA. For more information about the format of CSV Allowlist files, see the Allowed Items CSV File Reference.

Navigate to State Analyzer > Allowlist Settings and click the Display Types tab.
Click IMPORT EXISTING ALLOWLIST FILES.
Complete the Import Allowlist Files panel:
1. From the Allowlist Type drop-down, select an Allowlist Type to be imported.
2. Click ADD FILE and select a CSV file to import.
  Tips:
  Whitelist CSV files from the WLP App are in the following directory:
  <wlp_root_dir>/whitelists
  The maximum size for each imported CSV file is 10MB, with a limit of 2048 characters per field.
3. Verify that the file you chose is added to the Selection list.
4. Repeat the steps above for each Allowlist file to be imported.
5. Click IMPORT.
Confirm that the data was imported successfully:
1. Navigate to State Analyzer > Allowed Items.
2. Check the tabs on the Allowed Items page to verify that your data was added.

Tips:	Whitelist CSV files from the WLP App are in the following directory: <wlp_root_dir>/whitelists The maximum size for each imported CSV file is 10MB, with a limit of 2048 characters per field.

To export Allowed Items and/or Allowlist Assessments

For information about the format of CSV Allowlist files, see the Allowed Items CSV File Reference.

Navigate to State Analyzer > Allowlist Settings and click the Display Types tab.
Click EXPORT, then select a format for the export file from the dropdown.
In the Export pane, specify the types of data to be exported:
1. From the Allowlist Type drop-down, select one or more Allowlist Types to be exported.
2. Specify whether Allowed Items and/or Allowlist Assessments should be exported.
  Note:
  Filters on the Allowed Items or Allowlist Assessment pages are ignored when exporting from the Allowlist Settings page.
3. Click EXPORT.

Note:	Filters on the Allowed Items or Allowlist Assessment pages are ignored when exporting from the Allowlist Settings page.

Working with Attributes

From the Display Types tab of the Allowlist Settings page, you can manage the Attributes for each type of Allowlist (Group Memberships, Open Ports, Routes, etc.). Attributes are fields that are used to describe Allowed Items. Each type of Allowlist has a different set of Attributes, which may be system-defined or user-defined.

System-Defined Attributes are created by TSA and cannot be deleted by users. During an Allowlist Assessment, TSA compares TE element data to System-Defined Attributes to create a list of Authorized, Unauthorized, and Unused Items.
User-Defined Attributes are custom attributes in TSA that are recorded in the TE elements that TSA writes to after each assessment. These Attributes are not validated during an Assessment. When first installed, TSA has several “user-defined” attributes (for example, Justification) which can be used or deleted as desired.

Each Allowlist Type has a page that displays system-defined and user-defined Attributes for that Allowlist. Click on an Attribute in the table to view detailed information.

To create a new User-Defined Attribute

Navigate to State Analyzer > Allowlist Settings and select the Display Types tab.
Click the link for the Allowlist Type you want to add an Attribute for.
Tip:
If the link for an Allowlist Type isn't active, you may need to enable it by selecting the Allowlist Type and clicking Enable.
Click NEW ATTRIBUTE.
In the New Attribute pane, enter values for the Attribute. Starred fields are required.
- If Is Enabled is selected, this Attribute is visible for new and existing Allowed Items.
- If Show Content in TE? is selected, this Attribute is visible in TE element content.
- If Is Required is selected, a value must be specified for this Attribute when creating new Allowed Items.
Click Save to save the new Attribute.

Tip:	If the link for an Allowlist Type isn't active, you may need to enable it by selecting the Allowlist Type and clicking Enable.

To modify an existing Attribute (System-Defined or User-Defined)

Navigate to State Analyzer > Allowlist Settings and select the Display Types tab.
Click the link for the Allowlist Type with the Attribute you want to modify.
Tip:
If the link for an Allowlist Type isn't active, you may need to enable it by selecting the Allowlist Type and clicking Enable.
Select one or more Attributes and select one of the following:
- Edit: You can only edit one Attribute at a time.
- Delete: Only User-defined Attributes can be deleted. If you delete an Attribute, existing data for this Attribute will be preserved in element versions, but the Attribute will not appear in future versions.
- Enable/Disable: Show or hide this Attribute for new and existing Allowed Items.
- Show/Hide: Show or hide this Attribute in TE element content.

Tip:	If the link for an Allowlist Type isn't active, you may need to enable it by selecting the Allowlist Type and clicking Enable.

To change the matching strategy for a System-Defined Attribute

A matching strategy specifies how TSA compares the scanned value received from TE against the value stored in the Allowlist Item during an Allowlist Assessment. Changing an Attribute's matching strategy can have a dramatic effect on the results of an Assessment.

Navigate to State Analyzer > Allowlist Settings and select the Display Types tab.
Click the link for the Allowlist Type with the Attribute you want to modify.
Tip:
If the link for an Allowlist Type isn't active, you may need to enable it by selecting the Allowlist Type and clicking Enable.
Select a System-Defined Attribute and click Edit.
Select the new Matching Strategy from the dropdown list:
- Equals: Returns a match if the two values are identical.
- EqualsIgnoreCase: Returns a match if the two values are identical, but will ignore differences in capitalization and still return a match.
- Contains: Returns a match if the value from the Allowlist completely or partially shares the value from TE.
- Not Equals: Returns a match if the value from TE does not share the same value from the Allowlist.
- Not Contains: Returns a match if the value from TE does not partially include the value from the Allowlist.
Note:
If an Attribute in an Allowed Item uses a regular expression, TSA ignores the matching strategy for that Attribute and evaluates the element data against the regular expression instead.
Click Save.

Tip:	If the link for an Allowlist Type isn't active, you may need to enable it by selecting the Allowlist Type and clicking Enable.

Note:	If an Attribute in an Allowed Item uses a regular expression, TSA ignores the matching strategy for that Attribute and evaluates the element data against the regular expression instead.

Any changes in the matching strategy won't be reflected until the next time an Assessment that uses the Allowlist runs.

Preferences tab

From the Preferences tab, you can configure many aspects of Tripwire State Analyzer. These settings apply to all TSA users.

Note:	Changes to settings made here aren't implemented until the next time TSA runs an Allowlist Assessment.

Basic Preferences control basic Tripwire State Analyzer behavior.
Report Preferences control the format of Tripwire Enterprise report output.
Export PDF Preferences control formatting for exported PDF files.
Other Preferences are specific to each type of Allowlist Item.