Tripwire

The integration of Tripwire Enterprise with Threat Grid, enables you to correlate alerts with real-time endpoint and server system data to quickly determine risk priority and take action. Tripwire Enterprise monitors files on critical systems for changes as well as the introduction of new files. When a new suspicious file is identified, the file hash is sent to Threat Grid, which reports back the verdict on the file. Tripwire Enterprise then tags the file with the result from Threat Grid. If it is malicious, the asset is tagged as containing malware. If a file hash is not identified, Tripwire Enterprise sends the complete file to the Threat Grid virtual sandbox, which performs dynamic and limited static analysis of the file and returns a result. Tripwire Enterprise then tags the file with the result from Threat Grid; and if malicious, tags the assets as containing malware.