Tripwire IP360 is a feature-rich vulnerability management system with a pure-play vulnerability assessment personality. We found it to be an interesting mix of pure vulnerability assessment and next-generation threat management. It is available as a physical or virtual appliance - we tested the physical appliance - and it can be deployed in the cloud at, for example, AWS. Deployment is straightforward, but we were a bit confused by parts of the documentation. Tripwire is very fond of using acronyms without describing them (e.g., what is a VnE?). Other than that, we found the documentation to be very useful, well-organized and loaded with plenty of screenshots. We worked with two manuals: the quick-start and the admin guides.
When we deployed the appliance, we needed to hook it up to our test bed and - different from every other physical appliance we tested - there was a good set of photos in the manual that showed the rear panel clearly. To get a network IP we needed to attach a keyboard, mouse and screen, but the quick-start walked us through the process neatly.
The tool is policy driven and consists of the manager, the device profiler, the security intelligence hub (and advanced reporting and analytics portal) and the log center. The intelligence hub and the log center need to be installed separately. Tripwire IP360 can integrate with Tripwire Enterprise, adding to its functionality.
Once all of the preliminaries were finished - and it took us longer to write about than to do - we were ready to log in for the first time. Once the appliance is set up, you can administer it from its web interface. A license needs to be added and an admin account needs to be created. All of this was very straightforward and the manual walks you through each step.
Now that we were in, we could go through the console and dashboards. There are three basic navigational areas in the UI: the Navigational Menu, the Quicklinks Bar, and the Interface and Results Pane. The menu is widget-based and you can change the widgets on your individual menus.
Next we went to the scan provisioning. You can access it through the menu (scheduled scans) or the scan provisioning widget. Scans are provisioned through network discovery. There are three scan modules: PCI, SCAP and WebApp360. These can be edited. The SCAP module is a separate purchase while the WebApp360 and PCI modules are included.
Reporting is comprehensive and you can configure just about any report you need. You create custom reports using report filters. You can create time frame, differential and distinct audits. There are reports for several audiences, such as executive summary reports that can be focused on specific networks. Reports on IAVA (Information Assurance Vulnerability Alerts - a DoD requirement) have special configuration requirements, all available in the IP360.
The website is complete and we found the documentation good. Pricing is very aggressive and overall we had very little argument with the tool. We do feel that this is not a tool for the novice. Configuration is extremely detailed and can become complicated depending on what you want to do. We found very limited out-of-the-box configurations - just about everything is a la carte, leaving you to configure and deploy. While this adds a huge amount of flexibility, it also suggests that you need to know what you're doing before tackling deployment.