What is trip-wire.io?

trip-wire.io is a security monitoring platform for Windows and Linux servers. It watches for suspicious activity like failed logins, account changes, and unauthorized access, then notifies your team when something happens.

You install a small agent on each host. The agent watches for security events, matches them against your policy checks, and sends them to trip-wire.io. When a policy threshold is met (say, 5 failed logins in 5 minutes), an alarm triggers and you get notified through email, Slack, Teams, or wherever you need it.
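The threshold rule described above (5 failed logins in 5 minutes), sketched as a per-source sliding window. This is an added illustration, not trip-wire.io's agent or policy code; the log format, the `find_alarms` function, grouping by source address, and the re-arm behaviour are assumptions made for the example, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style lines (not real logs); addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:00 web01 sshd[811]: Failed password for admin from 198.51.100.23 port 50100 ssh2
2024-05-01T10:00:05 web01 sshd[812]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:40 web01 sshd[813]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
2024-05-01T10:01:10 web01 sshd[814]: Failed password for root from 203.0.113.7 port 40114 ssh2
2024-05-01T10:02:30 web01 sshd[815]: Failed password for root from 203.0.113.7 port 40115 ssh2
2024-05-01T10:03:00 web01 sshd[816]: Failed password for admin from 198.51.100.23 port 50101 ssh2
2024-05-01T10:03:30 web01 sshd[817]: Accepted password for deploy from 192.0.2.10 port 50200 ssh2
2024-05-01T10:04:50 web01 sshd[818]: Failed password for root from 203.0.113.7 port 40116 ssh2
2024-05-01T10:06:00 web01 sshd[819]: Failed password for admin from 198.51.100.23 port 50102 ssh2
2024-05-01T10:09:00 web01 sshd[820]: Failed password for admin from 198.51.100.23 port 50103 ssh2
2024-05-01T10:12:00 web01 sshd[821]: Failed password for admin from 198.51.100.23 port 50104 ssh2
"""

# Captures timestamp, target user and source address of a failed login.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) "
)

def find_alarms(lines, threshold=5, window=timedelta(minutes=5)):
    """Return (timestamp, source, count) each time a source reaches the threshold."""
    recent = defaultdict(deque)  # source address -> timestamps still inside the window
    alarms = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines do not count
        ts, src = datetime.fromisoformat(m.group(1)), m.group(3)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # evict events older than the window
            q.popleft()
        if len(q) >= threshold:
            alarms.append((ts, src, len(q)))
            q.clear()  # re-arm so one burst raises one alarm, not one per extra event
    return alarms

if __name__ == "__main__":
    for ts, src, count in find_alarms(SAMPLE_LOG.splitlines()):
        print(f"ALARM {ts.isoformat()} {src}: {count} failed logins within 5 minutes")
```

Both sources in the sample produce five failures, but only the burst from 203.0.113.7 falls inside one window; the slow attempts from 198.51.100.23 never accumulate, which is the trade-off a threshold-and-window policy makes.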

How It Works

  1. Deploy agents on your Windows and Linux hosts
  2. Assign policies to set thresholds for the events you care about (failed logins, user changes, port scans, etc.)
  3. Create notifications with channels to get alerted when an alarm triggers

That's it. No complex SIEM configuration, no query languages to learn. Pick the events you want to watch for, set a threshold, and trip-wire.io handles the rest.

What You Can Monitor

Security events: Failed logins, account lockouts, user and group changes, password resets, event log clearing, and more. Each platform has its own set of checks tailored to its event sources.

Honeypots: Run decoy listeners on ports like SSH, RDP, and FTP. Any connection attempt is likely someone (or something) poking around where they shouldn't be.

Beacons: Monitor network targets with ICMP, DNS, HTTP, or SMTP probes. Get notified when a host goes down or comes back up.

Heartbeats: Know immediately if an agent stops checking in.

Built for Teams

trip-wire.io supports multi-tenant setups out of the box. Manage multiple organizations from a single account, with separate policies, notifications, agents, and alarms for each tenant.