Getting Started with Tripwire Anyware VA

Tripwire Anyware VA is the vulnerability assessment module of Tripwire.io, the Tripwire SaaS platform. With Tripwire Anyware VA, you can:

  • quickly identify vulnerability issues on Linux and Windows assets
  • get targeted remediation information

Step 1: Install Agents

Tripwire Anyware VA uses Tripwire's Axon Agent software to monitor and manage assets.

You install the Agent software on each asset to be monitored, and the Agent scans that asset once a day.

To install an Agent

  1. Navigate to Environment > Agents.
  2. Click Download Agent.
  3. Click the download link for the type of Agent you want to install.

    Note:  

    It may take up to a minute to generate the Agent installer.

  4. Install the Agent on the system you want to monitor.

    For Windows systems:

    1. Log in with Administrator privileges.

    2. Extract the zip file.

    3. Double-click the installer file axon-agent.msi.

    4. To verify that the installation succeeded, check the Services list (Control Panel > Administrative Tools > View local services) to verify that the Tripwire Axon service is running.

    Note:  

    To install the Agent on other Windows systems, copy the entire zip file (not just the .msi file) to the new system, unzip and install.

    For Linux systems: 

    1. Log in to the system as root (or use sudo to obtain root privileges).

    2. At a command prompt, expand the zip file:

      unzip scm-linux-install-bundle.zip

    3. Run the following command to install the Agent:

      ./axon-agent/axon-agent.bin

      Note that the script above will also start the Axon Agent service.

    4. Run the following command to confirm that the installation succeeded:

      service tripwire-axon status

    Note:  

    The how-to-install.txt file in the zip has other installation options and related information.

After the installation is complete:

  • the asset will appear on both the Environment > Assets and Environment > Agents pages.
  • the Agent will automatically scan the asset where it is installed.

Step 2: Review Scan Results

Vulnerability Scan results are shown on the Vulnerability Assessment dashboard.

  1. Navigate to Servers > Vulnerability Assessment and click the Results tab.

    By default, the Results tab displays information about all of your vulns, assets, and applications. It has three sections:

    • The Overview at the top provides a high-level view of your assets, applications, and vulnerability exposure.
    • The Risk Matrix prioritizes detected vulnerabilities based on the skill required to exploit them and the risk (consequences) of a successful exploit.
    • The Vulnerability Results table displays detailed information about the selected items. Each row in the table represents a single vulnerability affecting a single application on one or more assets.

    You can also use the table at the bottom of the page to investigate specific vulns or assets.

    Vulnerability results are updated each time a Vulnerability Scan runs. For information about past scans, click the Scan History tab.

  2. Select the Vulnerability tab in the Vulnerability Results table at the bottom of the page.

  3. Look through the table to identify a vulnerability that interests you, or use the filters to target a specific vuln.

Step 3: Get Remediation Information

  1. Click a vuln in the Vulnerability Results table to see more information about the vulnerability, including mitigation and remediation instructions.

  2. At the bottom, click the Assets and Applications tabs to see a list of the assets and applications affected by this vulnerability. Click anywhere on an asset's row to see detailed information about that asset.