Stop Working in Silos: Integrating with APIs – Info CCrime

It’s easy to be overwhelmed by the quantity of three-letter acronyms when you’re working with software and technology, but there’s three letters that are becoming increasingly more important in the world of software: API.

“Application Programming Interface” sounds like it’s going to be an ominously complicated topic, but it’s a term you should watch out for when you’re evaluating what technology toolset you implement, as having an API opens up a wide range of opportunities for expanding and integrating your information sources.

Perhaps the simplest description of an API is a method of data access (the list of vulnerabilities detected on your infrastructure, for example) or functionality (the tasks you use to carry out scans of your network) using scripts or software.

With a good API, you can automate many day-to-day tasks and reduce the amount of manual effort required to analyze data as well as let two different products interact together, granting you better insight into the relationships between one data point and another.

Tripwire’s product suite fortunately has a number of APIs you can use.

Tripwire Enterprise has a powerful API command set that you can leverage in your business-as-usual workflows to check for changes, manage promotion, and extract data to use with your other tools.

Tripwire IP360 similarly offers a robust API to help you do more with your vulnerability data. For example, rather than having a vulnerability score relating to detected vulnerabilities on a system in isolation, you can automatically extract the score and put it alongside other technical information in your environment such as when the machine was last backed up or when it was last patched to help drive your decision on what to prioritize on when planning upgrades.

Adding a full awareness of what’s going on in the rest of your environment lets you act with greater confidence and is the first step towards automating the resolution and even verifying the fix. Used in combination with your change and incident management tools, your silo of security data can be integrated into your business’ single pane of glass, improving response time and taking the guess work out of how to respond to issues.

And in case all of this sounds like it’s a time-consuming activity, thanks to the state of Windows PowerShell and Python libraries on Linux, you can actually start leveraging almost of all this functionality in a few lines.

In fact, I often find writing a small script to interact with the Tripwire API to do the work for me far faster than manually doing the same work by hand when it comes to working with a large inventory of machines. A number of powerful uses for the Tripwire Enterprise API can be achieved in a single line of code yet deliver insight into the rich data stream available from its File Integrity Monitoring change history.

When I talk about APIs, I’m often reminded of the phrase “no man is an island.” With a solid API, your software tools need not be islands anymore, either.