TRIPWIRE® ENTERPRISE

COMMANDER

TRIPWIRE ENTERPRISE
COMMANDER 8.7.4
USER GUIDE

FOUNDATIONAL CONTROLS FOR

SECURITY, COMPLIANCE & IT OPERATIONS
© 2019 Tripwire, Inc. All rights reserved.

Tripwire is a registered trademark of Tripwire, Inc. Other brand or product names may be trademarks or
registered trademarks of their respective companies or organizations.

Contents of this document are subject to change without notice. Both this document and the software described
in it are licensed subject to Tripwire’s End User License Agreement located at https://www.tripwire.com/terms,
unless a valid license agreement has been signed by your organization and an authorized representative of
Tripwire. This document contains Tripwire confidential information and may be used or copied only in
accordance with the terms of such license.

This product may be protected by one or more patents. For further information, please visit:
https://www.tripwire.com/company/patents.

Tripwire software may contain or be delivered with third-party software components. The license agreements
and notices for the third-party components are available at: https://www.tripwire.com/terms.

Tripwire, Inc.
308 SW Second Ave, Suite 400
Portland, OR 97204

US Toll-free: 1.800.TRIPWIRE
main: 1.503.276.7500
fax: 1.503.223.0182
https://www.tripwire.com
tripwire@tripwire.com
Contents

Getting Started 7
Introduction 7
Installation and Configuration 7

Authentication and Usage 8

Authentication 8
Entering Plain Text Credentials on the Command Line 8
Storing Credentials as Encoded Java Preferences 8
Storing Encoded Credentials in an XML File 9
Usage Notes 10
Standard Options 10
Unique Names 10
Spaces 10
Specifying Multiple Objects 11
Including Multiple Commands in a Text File 11
Help Messages 11

Command Reference 12
Overview 12
Active Directory to TE User Sync (ad2tesync) 12
Add TE User (adduser) 14
Add TE User Group (addusergrp) 14
Analyze TE Deployment (analyzer) 15
Application to CSV (apptocsv) 15
Create Saved Filter (avcreatefilter) 16
Create Tagging Profile (avcreateprofile) 16
Create Tag (avcreatetag) 18
Delete Saved Filter (avdeletefilter) 18

Tripwire Enterprise Commander 8.7.4 User Guide 3 Tripwire Inc.

 Delete Node Errors (avdeletenodeerrors) 19
Delete Tagging Profile (avdeleteprofile) 21
Delete Tag (avdeletetag) 21
Delete Tagset (avdeletetagset) 21
List Asset Tags (avlistassettags) 22
Reset Tag Set (avresettagset) 22
Tag Asset (avtagasset) 23
Untag Asset (avuntagasset) 25
Baseline (baseline) 27
Baseline to CSV (betocsv) 27
Changed Elements to CSV (cetocsv) 28
Change User Password (changeuserpw) 29
Check (check) 29
Configure Node Events (configurenodeevents) 30
Create External Element Version (createextcontent) 30
Create External Rule (createextrule) 31
Create Group (creategroup) 32
DB Query Rule to CSV (dbtocsv) 32
Delete (delete) 33
Remove TE User (deluser) 34
Remove TE User Group (delusergrp) 34
Edit TE User (edituser) 35
Edit TE User Group (editusergrp) 35
Element Count (elementcount) 36
Export (export) 36
Find (find) 38
Find Hashes (findhash) 39
Find TE Roles (findroles) 39
Find TE User Groups (findusergrps) 40
Find TE Users (findusers) 40
Import (import) 41

Tripwire Enterprise Commander 8.7.4 User Guide 4 Tripwire Inc.

 License Information (licenseinfo) 41
Link (link) 42
List Custom Properties (listcustprops) 43
List Event Settings (listnodeeventsettings) 43
List Nodes with Custom Properties (listnodes) 43
List Parents (listparents) 44
List Rules (listrules) 44
List Tree (listtree) 45
List Variables (listvars) 45
List Element Versions (listversions) 46
Mass Element Delete (masselementdelete) 46
Mass Node Populate (massnodepop) 47
Move (move) 48
Point-in-time Report (pointintime) 49
Promote (promote) 50
Rename (rename) 51
Rename to Hostname (renametohostname) 52
Report (report) 53
Restart Agent (restartagent) 56
Delete or Disable User (retireuser) 57
Run Action (runaction) 57
Run Policy Test (runpolicytests) 58
Run Task (runtask) 58
Search Log (searchlog) 59
Set Custom Property (setcustprop) 60
Set Description (setdesc) 61
Set Node Licenses (setnodelicenses) 62
Set Node Status (setnodestatus) 62
Set Variables (setvariable) 63
Support Package (supportpkg) 64
Unlink (unlink) 64

Tripwire Enterprise Commander 8.7.4 User Guide 5 Tripwire Inc.

 Manage User Accounts (usermgmt) 65

Appendix A – Sample Script Using Multiple Commands 66

Tripwire Enterprise Commander 8.7.4 User Guide 6 Tripwire Inc.

Getting Started

Introduction
Tripwire Enterprise Commander (TE Commander) is a Tripwire Enterprise command-line
interface (CLI) tool that greatly expands the functionality of twtool, the standard Tripwire
Enterprise CLI. TE Commander is a Tripwire Enterprise web services client application. It is
written in Java and is supported with JRE 1.8.0_60 and later.

Installation and Configuration

TE Commander is distributed as a standalone application. Follow the steps below to install the
software. When updating an existing TE Commander installation, we recommend that each new
version of TE Commander be installed into a new, separate directory using the process below.

To install TE Commander:
1. Unzip the tecommander.zip file into a directory on any system that has TE Console or
TE Agent software installed. 

Note The recommended installation location is either

C:\Program Files\Tripwire\TECommander (Windows) or
/usr/local/tripwire/tecommander (Unix or Linux).

2. Locate the tecommander.cmd (.sh) file in the installation directory's bin folder and open it
with a text editor.
3. Find the line in the file that looks like this:
set JAVA_HOME=d:\Program Files\Tripwire\TE\Server\jre

4. Modify this line to point to any Java JRE (1.8.0_60 or later) with JCE libraries installed.
5. Save the file.

Tripwire Enterprise Commander 8.7.4 User Guide 7 Tripwire Inc.

Authentication and Usage

Authentication
TE Commander, like the twtool CLI, supports typing credentials with each command or storing
encoded credentials in the local Java preferences repository or an XML file. The use of the term
‘encoded’ only applies to the account password. All other credentials are stored and used in
plain text.

TE Commander has three required credentials:

l the name of the TE Console system

l the name of a valid TE user account
l the user account password associated with that account

Entering Plain Text Credentials on the Command Line

To enter the required credentials, use the following format with each TE Commander command:
tecommander <command> -s <TE_system> -u <TE account_name> -p <TE_account_password>

For example:
tecommander link –s myteserver -u administrator -p passphrase –w “Windows Nodes”
–t “By Platform”

Storing Credentials as Encoded Java Preferences

TE Commander can make use of serialized java preferences and store the credentials encoded
per OS user login. The syntax is similar to the credentials per command above but is only
required once per OS user. Once these credentials are set, if they are not provided on the
command line, they will be retrieved and used for authentication.

To encode and store these credentials for automatic use by TE Commander, use the set
command with the following format:
tecommander set -s <TE_system> -u <TE account_name> -p <TE_account_password>

For example:
tecommander set –s myteserver -u administrator -p passphrase

You can also set the credentials for an Active Directory connection which is used by the
ad2tesync command. It is very similar to the command above:
tecommander set -d <AD_Domain> -U <AD_account_name> -P <AD_account_password>

For example:
tecommander set –s lab.tripwire.com -u “lab\jUser” -p passphrase

Tripwire Enterprise Commander 8.7.4 User Guide 8 Tripwire Inc.

Storing Encoded Credentials in an XML File
TE Commander can also read credentials from an XML file. A sample XML file (te_auth.xml)
is included in the ./config/examples folder.

The TE user account password is encrypted using the TE Commander encrypt command (see
below), but the username must be manually set in the .xml file on the <UserID> line.

tecommander encrypt –M ..\config\te_auth.xml -P mypassphrase

Once the XML file is encrypted, it can be referenced in other TE Commander commands by
using the -M option.

For example:

tecommander link –w “Windows Nodes” –t “By Platform” –M ..\config\te_auth.xml

Tripwire Enterprise Commander 8.7.4 User Guide 9 Tripwire Inc.

Usage Notes

Standard Options
There are some "standard" options that can be used with almost every TE Commander
command. These include the -s, -u, -p, and –M options discussed in Authentication on page 8. In
addition, the table below lists other "standard" options that can be used with almost every
TE Commander command.

Note Use the -h or --help option with any command to see the actual options that are
available for that command.

Option
(Short, Long Form) Description
-q, --quiet Suppress informational text that would normally be displayed.

-W, --wait Wait for the specified number of minutes before proceeding.
This is useful when using TE Commander in script mode and running commands
like restartagent that take time to execute before moving on to the next
command.

-Q, --trustall This option is available on every command that requires a connection to the TE
Server. It is useful when the TE Server's out-of-the-box cert has been replaced
with a custom certificate.

-Z, --timeout Specify how many minutes the API client should wait after a request is made. 

-h, --help Display information about this command and a list of available options.

Unique Names
When specifying any object by name, TE Commander cannot determine which object to operate
on if multiple objects of the same type have the same name. Therefore, objects of the same type
MUST have unique names.

For example, if you have an “Oracle” node group under a “Linux” node group and an “Oracle”
node group under a “Windows” node group, there is no way to specify which “Oracle” is the
desired object. One solution would be to rename the objects to “Oracle Linux” and “Oracle
Windows” respectively.

If duplicate objects of the same name are found, a message similar to “Specified <object type>
does not exist or is not uniquely named” will be displayed and processing of the command will
cease.

Spaces
If a command argument contains spaces, the text must be surrounded with double-quotes “ ”.

Tripwire Enterprise Commander 8.7.4 User Guide 10 Tripwire Inc.

Specifying Multiple Objects
In some cases, multiple TE objects can be specified for a command option. If supported,
multiple objects of the same type can be specified by separating the object names with a semi-
colon (;). The --help option for the command will indicate whether multiple objects are
supported for each option.

Including Multiple Commands in a Text File

TE Commander can execute multiple commands if they are written in a text file, each on their
own line. The way to execute such a list of commands or ‘script’ is:

tecommander @<filename>.tec

where <filename>.tec is a file containing multiple TE Commander commands.

When a file is specified in this way, TE Commander will authenticate once to Tripwire
Enterprise and execute all commands listed in the file. This can be useful when creating or
scripting automated processes in the TE environment. A sample script is listed in Appendix A –
Sample Script Using Multiple Commands (on page 66).

Help Messages
To list all available TE Commander commands and get a brief description of each, enter
tecommander at the command prompt.

For a list of command-line options for a specific command, use this format:

tecommander <command> --help

Tripwire Enterprise Commander 8.7.4 User Guide 11 Tripwire Inc.

Command Reference

Overview
This section describes the commands and options available in TE Commander, organized
alphabetically by command name. The set and encrypt commands were previously described in
Authentication (on page 8).

Notes Examples in this guide focus on Windows platforms. For Unix-based platforms,
make the appropriate syntax adjustments.

The examples in this section assume that the set command (see Storing
Credentials as Encoded Java Preferences on page 8) has previously been used to
store authentication credentials.

Only the most relevant command options for each command are shown, omitting
some common options that are available in most commands. For a complete list of
options for any command, use the --help option with that command:

tecommander <command> --help

Active Directory to TE User Sync (ad2tesync)

The ad2tesync command syncs an Active Directory (AD) group or AD user to one or more TE
users.

If the AD user does not exist in TE, a new user will be created with the provided parameters. If
the AD user already exists in TE, that user will be updated with AD information (email/display
name) as well as any provided TE settings. If the user has set the search type to group and there
are TE users in the identified role that don’t match any of the AD users, the TE users will be
disabled. A custom role, DisabledUsers, will be created the first time users have been identified
that need to be disabled.

Option 
(Short,Long Form)
Arguments Description

-c, -- Maximum length of time (in milliseconds) that a connection attempt should
connectionTimeout be allowed to continue before giving up.
<milliseconds>
The default value is 10.

-d, --description Description to be used when creating/updating user(s).

<description>

-D, --domain [Required] Active Directory domain to sync with.

<domain>

Tripwire Enterprise Commander 8.7.4 User Guide 12 Tripwire Inc.

 Option 
(Short,Long Form)
Arguments Description

-g, --groups List of TE user groups that user(s) should belong to.
<groups>

-H, --homepages List of homepages to assign to the user(s).

<homepages>

-j, --asJSON Flag indicating user information should be output in JSON format.

--P, --adpass [Required] Active Directory user password.

<password>

-r, --role [Required] Role to assign to the user(s).

<role>

-R, --remove If --searchType is group, this flag indicates that TE users should be
removed/deleted if there is no matching AD user in the role.

-s, --search Valid AD/LDAP syntax to search for a user or group.

<search>
For example, (CN=John Doe) or (CN=TE Admins)

-T, --searchType Type of Active Directory search. Valid search types are group or user.
<searchType>
Default value is group.

-U, --adUser [Required] Active Directory user name.

<username>

--userpassword Password to assign to the user(s).

<password>

For example:

Sync AD group to TE (polite sync, TE users will remain even if matching AD user has been
removed):
tecommander ad2tesync -s localhost -u administrator -p *********
-D lab.tripwire.com -U jUser -P ******** -T group -s “cn=TE Users” -r “Power User”
-g “NERC Users” -d “Created via TECommander”

Sync AD group to TE (dangerous sync, TE users will be removed if matching AD user has been
removed):
tecommander ad2tesync -s localhost -u administrator -p *********
-D lab.tripwire.com -U jUser -P ******** -T group -s “cn=TE Users” -r “Power User”
-g “NERC Users” --remove -d “Created via TECommander”

Sync AD user to TE (usually part of an automation solution for IT):

tecommander ad2tesync -s localhost -u administrator -p *********
-D lab.tripwire.com -U jUser -P ******** -T user -s “cn=jsmith” -r “Power User”
-g “NERC Users” -d “Created via TECommander”

Sync AD user to TE (output results as json to be consumed by another process):

tecommander ad2tesync -s localhost -u administrator -p *********
-D lab.tripwire.com -U jUser -P ******** -T user -s “cn=jsmith” -r “Power User”
-g “NERC Users” -d “Created via TECommander” -j

Tripwire Enterprise Commander 8.7.4 User Guide 13 Tripwire Inc.

Add TE User (adduser)
The adduser command is used to create a new TE user. The username and role options are
required. All other parameters are optional.

Option (Short,Long Form)
Arguments Description

-d, --description Description of the user.

<description>

-e, --email User’s email.

<email>

-g, --groups List of groups the user should belong to.

<groups>

-H, --homepages List of homepages the user should belong to.

<homepages>

-j, --asJSON Output created user’s info as JSON.

-n, --name [Required] User’s name.

<name>

-r, --role [Required]Role to assign to user.

<role>

--userpassword Password to assign to user.

<password>

For example:

tecommander adduser -n jsmith -r “Power User” -g “Tripwire Policy Manager Group,

Tripwire Rule Manager Group” –userpassword “pa$$word” -h “Customer Center Home
Page” -d “Created by TECommander”

Add TE User Group (addusergrp)

The addusergrp command is used to create a new TE user group. The username and role
options are required. All other parameters are optional.

Option (Short,Long Form)
Arguments Description

-d, --description Description of the user group.

<description>

-j, --asJSON Output created user’s info as JSON.

-n, --name Name of the TE user group to create.

<name>

For example:

tecommander -n “NERC Users” -d “Users working with NERC assets and policies”

Tripwire Enterprise Commander 8.7.4 User Guide 14 Tripwire Inc.

Analyze TE Deployment (analyzer)
The analyzer command is used to analyze a zip file generated by the Tripwire Enterprise
export.bat utility (in the TE Console tools directory) for best practices and potential problems.
Options for this command are:

Option 
(Short,Long Form)
Arguments Description

-i,--inputfile Input zip file from the export.bat utility.

<inputzipfile>

-o,--outputfile Full path to the location where the output .xlsx file with analysis will be
<outputxslxfile> created.

Application to CSV (apptocsv)

The apptocsv command is used to list all nodes, file rule start point metadata, and stop points for
all enabled check tasks in the specified task group in an output CSV file. In essence, it is an
active coverage report. Any node/rule objects in the check tasks that are not uniquely named are
skipped. The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-K,--taskgroup The name of the task group to analyze.

<taskGroupName>

-o,--outputfile The output location for the CSV file.

<outputfile>

-Y,--cmdb_format If specified, includes information about the rules used to monitor each node
instead of just listing the nodes.

For example:

tecommander apptocsv -K "Check Tasks" -o "Coverage.csv"

Tripwire Enterprise Commander 8.7.4 User Guide 15 Tripwire Inc.

Create Saved Filter (avcreatefilter)
The avcreatefilter command is used to create a new saved filter in Asset View. Key options
for this command are:

Option 
(Short,Long Form)
Arguments Description

-N,--name The name of the new saved filter.

<filterName>

-S,--searchstring A search string used to filter assets.

<stringValue>

-T,--tagsettagpair A string containing one or more tagset/tag pairs to include in this saved filter. If
<tagset/tag> multiple tagset/tag pairs are specified, they should be separated with semi-
colons. For example:

-T Location/Portland;Applications/IIS

Create Tagging Profile (avcreateprofile)

The avcreateprofile command is used to create a new tagging profile in Asset View. Key
options for this command are:

Option 
(Short,Long Form)
Arguments Description

-C,--conditions String containing one or more conditions for the tagging profile. Multiple
<conditions> conditions should be delimited by a colon. See the table below for more
information about conditions.

-N,--name The name of the new tagging profile.

<name>

-O,--operator Specify whether an asset must match any or all of the specified conditions to be
<operator> included in the tagging profile.

The <operator> value must be either ANY or ALL.

-R,--runtype Specify whether this tagging profile runs automatically to continually monitor
<run type> assets or can only be run manually.

The <run type> value must be MANUAL or AUTOMATIC.

-T,--tagsettagpair A string containing one or more tagset/tag pairs that the tagging profile assigns
<tag set pairs> to assets that meet its conditions. If multiple tagset/tag pairs are specified, they
should be separated with semi-colons. For example:

-T Location/Portland;Applications/IIS

Tripwire Enterprise Commander 8.7.4 User Guide 16 Tripwire Inc.

 The “-C” parameter is specified by denoting different tagging profile conditions using the colon
character : . For example:

-C  <ConditionType>,<condparm_1>,<condparm_2>,<condparm_n>:
<NextConditionType>,<nextcondparm_1>,<nextcondparm_2>,<nextcondparm_n>:
<NextConditionType>...

Condition and Parameters

Description

HostnameContainsCondition,<true or false>,Text1,<true or false>,Text2,etc.

Matches assets with hostnames that include or do not include the specified string(s).

HostnameMatchesCondition,<true or false>,Text1,<true or false>,Text2,etc.

Works the same as HostnameContainsCondition above, but regular expressions can be used for the
matching text.

IpRangeCondition,IS_IN_RANGE,lowIP1,highIP1,IS_NOT_IN_RANGE,lowIP2,highIP2,etc.
Matches assets that are either in or not in the specified IP address range.

TagCondition,<true or false>,tagName1,<true or false>,tagName2,etc.

Matches assets that either have or do not have the specified tags applied.

TagContainsCondition,<true or false>,containsText1,tagName1,
<true or false>,containsText2,tagName2,etc.
Matches assets that either have or do not have tags that contain the specified text applied.

For example:

TagContainsCondition,false,Operating System,Windows,false,Location,Data Center

matches assets that don't have "Windows" in any of their Operating System tags and/or (based
on the -O option) don't have "Data Center" in any of their Location tags.

IpRangeCondition,IS_IN_RANGE,10.4.20.15,10.4.20,50:
TagCondition,Location/Houston,false

matches assets that are in the IP address range of 10.4.20.15 - 10.4.20.50 and/or (based on the -O
option) don't have the Location:Houston tag applied.

Tripwire Enterprise Commander 8.7.4 User Guide 17 Tripwire Inc.

Create Tag (avcreatetag)
The avcreatetag command is used to create a new Asset View tagset/tag pair. When creating
the tagset/tag pair, if the tagset does not already exist, it will be created. The key options for the
command are:

Option (Short,Long Form)
Arguments Description

-S,--tagset The name of the new tagset to be created.

<tagSetText>

-T,--tag The name of the new tag to be created.

<tagText>

For example:

tecommander avcreatetag -S Location -T "Los Angeles"

Delete Saved Filter (avdeletefilter)

The avdeletefilter command is used to delete saved filters in Asset View. The key option is:

Option (Short,Long Form)
Arguments Description

-N,--name Filter name

<name>

Tripwire Enterprise Commander 8.7.4 User Guide 18 Tripwire Inc.

Delete Node Errors (avdeletenodeerrors)
The avdeletenondeerrors command is used to delete node errors in Asset View for a single
category or all categories (if the category string is left empty). The nodes to have errors deleted
can be specified:

l by name
l by node group
l by having a specific custom property value
l by having TE run a specified report and using the output
l in an existing XML report file

Key options are:

Option 
(Short,Long Form)
Arguments Description

-B,--propertytype The type of custom property used to select nodes that will have errors
<propType> deleted.

<propType> must be one of the following:

<yesno|select|text|numeric|date(format=mm/dd/yyyy or _NOW_)>

This option is only valid with the --propertyname and --

propertyvalue options.
-b,--recurse Recurse through sub-groups.

This option is only valid with the --nodegroup option.

-C,--error_category The category of errors to delete for the selected nodes.

<errorcategory>
<errorcategory> must be one of the following:
COMMUNICATION_ERROR
NODE_OUT_OF_SYNC
NODE_INCOMPATIBLE
RULE_RUN_ERROR
TASK_TIMED_OUT
UNCATEGORIZED
To delete all categories of errors for selected nodes, leave the arguments
for this option blank: -C ""

-i,--inputfile The full path to an existing XML report file with a list of nodes to have
<filePath> their errors deleted. Supported report types for this option are:
Device Inventory
System Log
Nodes with Changes
Last Node Check Status

Tripwire Enterprise Commander 8.7.4 User Guide 19 Tripwire Inc.

 Option 
(Short,Long Form)
Arguments Description

-n,--node The name(s) of a node or nodes to have their errors deleted.

<name1[;name2;etc]>

-N,--propertyname The name of the custom property used to select nodes that will have
<propName> errors deleted.

This option is only valid with the --propertytype and --

propertyvalue options.
-R,--report <reportname> must be the name of an existing TE report.
<reportName> TE Commander will run the specified report and use the output to specify
the nodes to have errors deleted.
Supported report types for this option are:
Device Inventory
System Log
Nodes with Changes
Last Node Check Status

-V,--propertyvalue The value of the custom property used to select nodes that will have
<propValueText> errors deleted.

This option is only valid with the --propertytype and --

propertyname options.
-w,--nodegroup <name1 The name(s) of one or more node groups to have their errors deleted.
[;name2;etc]>
Use the --recurse option to recurse through sub-groups.

Examples

Delete node errors of category 'Out of Sync' for a single node:

tecommander avdeletenodeerrors -n mynode.mycorp.com -C NODE_OUT_OF SYNC

Delete node errors in all categories for all nodes in a node group:
tecommander avdeletenodeerrors -w "App Node Group" -C ""

Delete node errors in specified category for all nodes that descend from a node group:
tecommander avdeletenodeerrors -w "App Node Group" -b -C COMMUNICATION_ERROR

Delete node errors in all categories for all nodes with a specified custom node property value:
tecommander avdeletenodeerrors -N Environment -B select -V Production -C ""

Delete node errors for specified category for all nodes in an existing XML report file:
tecommander avdeletenodeerrors -i c:\temp\failednodes.xml -C NODE_OUT_OF_SYNC

Delete node errors in all categories for all nodes in a qualified report:
tecommander avdeletenodeerrors -R "Failed Nodes Report" -C ""

Tripwire Enterprise Commander 8.7.4 User Guide 20 Tripwire Inc.

Delete Tagging Profile (avdeleteprofile)
The avdeleteprofile command is used to delete tagging profiles in Asset View. The key option
is:

Option (Short,Long Form)
Arguments Description

-N,--name Tagging profile name

<name>

Delete Tag (avdeletetag)

The avdeletetag command is used to delete a single existing tag in Asset View. When deleting
a tag, even if the tag is the last one in the tagset, it will not delete the tagset. The key options for
the command are:

Option (Short,Long Form)
Arguments Description

-S,--tagset Tagset name

<tagSetText>

-T,--tag Tag name

<tagText>

For example:

tecommander avdeletetag -S Application -T "Oracle Finance"

Delete Tagset (avdeletetagset)

The avdeletetagset command is used to delete an existing tagset. The key options for the
command are:

Option (Short,Long Form)
Arguments Description

-S,--tagset Tagset name

<tagSetText>

For example:

tecommander avdeletetagset -S "Business Unit"

Tripwire Enterprise Commander 8.7.4 User Guide 21 Tripwire Inc.

List Asset Tags (avlistassettags)
The avlistassettags command is used to list all tags associated with a specified node or the
nodes in a node group. The key options for the command are:

Option (Short,Long Form)
Arguments Description

-n,--node Node name

<name>

-w,--nodegroup Node group name

<name>

Reset Tag Set (avresettagset)

The avresettagset command is used to untag all assets from the tags in the specified tagset.
For example:

avresettagset -S Application

untags all of the tags in the Application tagset from all nodes. The only option for the command
is:

Option (Short,Long Form)
Arguments Description

-S,--tagset Tagset name

<tagSetText>

Tripwire Enterprise Commander 8.7.4 User Guide 22 Tripwire Inc.

Tag Asset (avtagasset)
The avtagasset command is used to apply tags to one or more nodes specified in multiple ways:

l by name
l by node group
l by having a specific custom property value
l by having TE Commander run a specified report and using the output
l in an existing XML report file

The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-b,--recurse Recurse through sub-groups.

This option is only valid with the --nodegroup option.

-B,--propertytype The type of custom property used to select nodes that will have tags
<propType> applied.

<propType> must be one of the following:

<yesno|select|text|numeric|date(format=mm/dd/yyyy or _NOW_)>

This option is only valid with the --propertyname and

--propertyvalue options.
-i,--inputfile The full path to an existing XML report file with a list of nodes to have tags
<filePath> applied. Supported report types for this option are:
Device Inventory
System Log
Nodes with Changes
Last Node Check Status

-n,--node The name(s) of a node or nodes to have tags applied.

<name1[;name2;etc]>

-N,--propertyname The name of the custom property used to select nodes that will have tags
<propName> applied.

This option is only valid with the --propertytype and

--propertyvalue options.
-R,--report <reportname> must be the name of an existing TE report. TE Commander
<reportName> will run the specified report and use the output to specify the nodes that
will have tags applied.
Supported report types for this option are:
Device Inventory
System Log
Nodes with Changes
Last Node Check Status

Tripwire Enterprise Commander 8.7.4 User Guide 23 Tripwire Inc.

 Option 
(Short,Long Form)
Arguments Description

-S,--tagset The name of the tagset with the tag to be applied to the selected nodes.
<tagSetText>

-T,--tag The name of the tag to be applied to the selected nodes.

<tagText>

-V,--propertyvalue The value of the custom property used to select nodes that will have tags
<propValueText> applied.

This option is only valid with the --propertytype and --propertyname

options.

-w,--nodegroup The name(s) of one or more node groups to have tags applied. Use the
<name1[;name2;etc]> --recurse option to recurse through sub-groups.
-Y,--autoCreate Create the specified tagset/tag pair if it doesn't already exist.

Examples

Tag a single node:

tecommander avtagasset -n mynode.mycorp.com -S MyTagSet -T MyTag

Tag all nodes in a node group and create the tagset/tag pair if it doesn't already exist:
tecommander avtagasset -w "App Node Group" -S MyTagSet -T MyTag -Y

Tag all nodes that descend from a node group:

tecommander avtagasset -w "App Node Group" -b -S MyTagSet -T MyTag

Tag all nodes with a specified custom node property value:

tecommander avtagasset -N Environment -B select -V Production -S Environment -T
Production

Tag all nodes in an existing XML report file:

tecommander avtagasset -i c:\temp\failednodes.xml -S MyTagSet -T "Failed Nodes"

Tag all nodes in a qualified report:

tecommander avtagasset -R "Failed Nodes Report" -S MyTagSet -T "Failed Nodes"

Tripwire Enterprise Commander 8.7.4 User Guide 24 Tripwire Inc.

Untag Asset (avuntagasset)
The avuntagasset command is used to remove a tag from one or more nodes specified in
multiple ways:

l by name
l by node group
l by having a specific custom property value
l by having TE Commander run a specified report and using the output
l in an existing XML file

The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-b,--recurse Recurse through sub-groups.

This option is only valid with the --nodegroup option.

-B,--propertytype The type of custom property used to select nodes that will have tags
<propType> removed.

<propType> must be one of the following:

<yesno|select|text|numeric|date(format=mm/dd/yyyy or _NOW_)>

This option is only valid with the --propertyname and

--propertyvalue options.
-i,--inputfile The full path to an existing XML report file with a list of nodes to have tags
<filePath> removed. Supported report types for this option are:
Device Inventory
System Log
Nodes with Changes
Last Node Check Status

-n,--node The name(s) of a node or nodes to have tags removed.

<name1[;name2;etc]>

-N,--propertyname The name of the custom property used to select nodes that will have tags
<propName> removed.

This option is only valid with the --propertytype and

--propertyvalue options.

Tripwire Enterprise Commander 8.7.4 User Guide 25 Tripwire Inc.

 Option 
(Short,Long Form)
Arguments Description

-R,--report <reportname> must be the name of an existing TE report.

<reportName> TE Commander will run the specified report and use the output to specify
the nodes that will have tags removed.
Supported report types for this option are:
Device Inventory
System Log
Nodes with Changes
Last Node Check Status

-S,--tagset The name of the tagset with the tag to be removed from the selected
<tagSetText> nodes.

-T,--tag The name of the tag to be removed from the selected nodes.
<tagText>

-V,--propertyvalue The value of the custom property used to select nodes that will have tags
<propValueText> removed.

This option is only valid with the --propertytype and

--propertyname options.
-w,--nodegroup The name(s) of one or more node groups to have tags removed. Use the
<name1[;name2;etc]> --recurse option to recurse through sub-groups.

Examples

Untag a single node:

tecommander avuntagasset -n mynode.mycorp.com -S MyTagSet -T MyTag

Untag all tags within a tagset for a single node:

tecommander avuntagasset -n mynode.mycorp.com -S MyTagSet

Untag all nodes in a node group:

tecommander avuntagasset -w "App Node Group" -S MyTagSet -T MyTag

Untag all nodes that descend from a node group:

tecommander avuntagasset -w "App Node Group" -b -S MyTagSet -T MyTag

Untag all nodes with a specified custom node property value:

tecommander avuntagasset -N Environment -B select -V Production -S Environment -T
Production

Untag all nodes in an existing XML report file:

tecommander avuntagasset -i c:\temp\failednodes.xml -S MyTagSet -T "Failed Nodes"

Untag all nodes in a qualified report:

tecommander avuntagasset -R "Failed Nodes Report" -S MyTagSet -T "Failed Nodes"

Tripwire Enterprise Commander 8.7.4 User Guide 26 Tripwire Inc.

Baseline (baseline)
The baseline command is used to baseline a node or node group with a single rule or rule group. 
The key options for the command are:

Option (Short,Long Form)
Arguments Description

-n,--node The name of the node to be baselined.

<name>

-r,--rule The name of the rule used to create the baseline.

<ruleName>

-w,--nodegroup The name of the node group containing nodes to be baselined.

<nodeGroupName>

-x,--rulegroup The name of the rule group used to create the baseline.
<ruleGroupName>

-Y,--preserve If specified, existing baselines will be preserved.

For example:

tecommander baseline -n teconsole.mycorp.com -x "Rule Group"

Baseline to CSV (betocsv)

The betocsv command is used to transform a TE baseline elements report to an output file in the
CSV format.  You may either specify a baseline elements report that has already been exported
to an XML file, or specify the name of the baseline elements report and TE Commander will run
it and export the results to a CSV file. 

The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-i,--inputfile The full path to a baseline elements report that has been exported to an
<filepath> XML file.

-o,--outputfile The full path to the output CSV file.

<outputfile>

-R,--report The name of a TE baseline elements report to be run and exported to

<name> CSV format.

-Y,--groupedbynode Include this option if the report is grouped by node.

For example:

tecommander betocsv -R "My Baseline Report" -o Baseline.csv

Tripwire Enterprise Commander 8.7.4 User Guide 27 Tripwire Inc.

Changed Elements to CSV (cetocsv)
The cetocsv command is used to expand the default changed elements report in CSV format
with additional information. This includes adding the rule name for the element and all individual
change request IDs in the case of a "Multiple Authorizations" promotion.

The key options are:

Option (Short,Long Form)
Arguments Description

-A,--appr_ids Include approval IDs containing the specified values (separated by

<approvalIDs> double-semicolons[;;].  For example: 

"CHG;;CRQ;;INC;;Multiple;;CSV"
-D,--daterange Date range specified as "M/d/yy h:mm aa,M/d/yy h:mm aa". For
<dates> example:

"11/12/13 4:15 PM,12/3/14 10:05 AM"

-F,--fullversiondescription Always show full version descriptions.

-m,--multipleauthonly Only report "Multiple Authorizations" versions.

-n,--node The name of the node to include in the report.

<name>

-o,--outputfile The full path to the output CSV file.

<outputfile>

-R,--numberrandomelements Output only the specified number of randomly-selected elements

<number> from the report.
This may be useful if, for example, an auditor wants to see a
sampling of change data, rather than the entire list of detected
changes.

-U,--period Type of time periods (hours or days) to include in the report.

<days/hours>

-V,--amount The number of time periods (specified by the -U option) to include

<number> in the report.

-W,--wait The number of minutes to wait after the command is complete

<wait_minutes> before continuing.

-w,--nodegroup The name of the node group to include in the report.

<name>

-x,--rulegroup The name of the rule group to include in the report.

<name>

Tripwire Enterprise Commander 8.7.4 User Guide 28 Tripwire Inc.

Change User Password (changeuserpw)
The changeuserpw command is used to change the password for a TE user account.

Option (Short,Long Form)
Arguments Description

-P,--new_password The new password for the user account.

<password>

-U,--username The username of the account to have its password changed.

<username>

Check (check)
The check command is used to check a node or node group against a single rule or rule group. 
The key options for the command are:

Option (Short,Long Form)
Arguments Description

-n,--node The name of the node to check.

<name>

-r,--rule The name of the rule to use for the check.

<name>

-w,--nodegroup The name of the node group to check.

<name>

-x,--rulegroup The name of the rule group to use for the check.
<name>

For example:

tecommander check -w "My Node Group" -x "My Rule Group"

Tripwire Enterprise Commander 8.7.4 User Guide 29 Tripwire Inc.

Configure Node Events (configurenodeevents)
The configurenodeevents command is used to configure audit collection and/or the Event
Generator settings for a specified node or group of nodes. The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-b,--realtime Enable real-time monitoring. If not specified, real-time will be disabled.

-B,--os Use the OS as the audit source. If not specified, the Event Generator will
be used as the audit source.

-n,--node The node(s) to configure audit collection for.

<name[;name2;name3]>

-w,--nodegroup The node group(s) to configure audit collection for.

<name[;name2;name3]>

-W,--wait The number of minutes to wait after the command is complete before
<minutes> continuing.

-Y,--auditevents Collect audit information. If not specified, audit information will not be
collected.

For example:

tecommander configurenodeevents -n teconsole -b -Y

Create External Element Version (createextcontent)

The createextcontent command is used to create an element/version from externally-generated
content. This command (and the createextrule command below) enables you to integrate TE
with external data sources.

A node name, external rule name, and element name must be specified. Key options are:

Option 
(Short,Long Form)
Arguments Description

-C,--content The content for the new element. Content can be specified in the following ways:
<content>
l Specifying an empty content string will generate an 'exists=false' element
version.
l Specifying anything else as the content string will use the content string as
the version content.

Note: Specifying a filename (using the --contentFile option below) will use

the content in the specified file instead of the content specified here.

-D,--timeDetected Detected time for the element in the format (2016-09-30 17:30:17).
<time>
If not defined, defaults to the time when the command is run.

Tripwire Enterprise Commander 8.7.4 User Guide 30 Tripwire Inc.

 Option 
(Short,Long Form)
Arguments Description

-e,--elementname The name of the new element.

<elementName>

-F,--contentFile A file containing element content for the new element.

<file>

-n,--node The name of the node where the new element should be created.
<nodeName>

-r,--rule The name of an external rule (see createextrule below) to be associated with
<ruleName> the new element.

--returnCode The return code of the source of the content. This should be set to zero if
<returnCode> creating versions wtih empty content

-S,--severity The severity value for the created content. The default value is 0.
<severity>

--sha1 The SHA-1 hash of the content.

<hash>

--streamSha1 The Stream SHA-1 hash of the content.

<hash>

-T,--changeType The type of change for the element. Valid values are BASELINE, ADDED,
<type> MODIFIED, REMOVED. The default value is MODIFIED.

For example:

tecommander createextcontent -n teconsole.mycorp.com -r "My External Rule" -e

EmptyElement -C ""

generates a new element/version with no content as a non-existent version.

Create External Rule (createextrule)

The createextrule command is used to create a new external rule. This command (and the
createextcontent command above) enables you to integrate TE with external data sources.

You must specify a name for the new rule and an existing rule group where the new rule should
be linked. Key options are:

Option (Short,Long Form)
Arguments Description

-r,--rule The name of the new external rule.

<ruleName>

-x,--rulegroup The name of the rule group where the new external rule will be linked.
<ruleGroupname>

For example:

createextrule -r "New Rule Name" -x "Application Rules"

Tripwire Enterprise Commander 8.7.4 User Guide 31 Tripwire Inc.

Create Group (creategroup)
The creategroup command is used to create new node, rule, action, policy test, task, or report
groups.  The key options for the command are:

Option (Short,Long Form)
Arguments Description

-g,--newgroup The name of the new group to be created.

<name>

-J,--reportgroup The report group in which to create the new group.

<name>

-K,--taskgroup The task group in which to create the new group.

<name>

-w,--nodegroup The node group in which to create the new group.

<name>

-x,--rulegroup The rule group in which to create the new group.

<name>

-y,--actiongroup The action group in which to create the new group.

<name>

-z,--policytestgroup The policy test group in which to create the new group.
<name>

For example:

tecommander creategroup -w "Root Node Group" -g "New Node Group"

DB Query Rule to CSV (dbtocsv)

The dbtocsv command is used to export database query rule element version content and parse it
to CSV format. The key options for the command are:

Option (Short,Long Form)
Arguments Description

-e,--elementname Element name

<name>

-n,--node Node name

<name>

-o,--outputfile Output CSV file location

<outputfile>

-w,--nodegroup Node group name

<name>

Tripwire Enterprise Commander 8.7.4 User Guide 32 Tripwire Inc.

Delete (delete)
The delete command is used to delete a single node, rule, action, policy test, task, report,
element, or user object.  The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-a,--action The action(s) to be deleted.

<name1[;name2;etc.]>

-c,--policytest The policy test(s) to be deleted.

<name1[;name2;etc.]>

-e,--elementname The element to be deleted.

<name>

-j,--report The report(s) to be deleted.

<name1[;name2;etc.]>

-J,--reportgroup The report group(s) to be deleted.

<name1[;name2;etc.]>

-k,--task The task(s) to be deleted.

<name1[;name2;etc.]>

-K,--taskgroup The task group(s) to be deleted.

<name1[;name2;etc.]>

-n,--node The node(s) to be deleted.

<name1[;name2;etc.]>

-r,--rule The rule(s) to be deleted.

<name1[;name2;etc.]>

-U,--userparm The TE user name to be deleted.

<name>

-w,--nodegroup The node group(s) to be deleted.

<name1[;name2;etc.]>

-x,--rulegroup The rule group(s) to be deleted.

<name1[;name2;etc.]>

-y,--actiongroup The action group(s) to be deleted.

<name1[;name2;etc.]>

-z,--policytestgroup The policy test group(s) to be deleted.

<name1[;name2;etc.]>

For example:

tecommander delete -w "New Node Group"

Tripwire Enterprise Commander 8.7.4 User Guide 33 Tripwire Inc.

Remove TE User (deluser)
The deluser command is used to permanently delete a user from TE.

Option (Short,Long Form)
Arguments Description

-n, --name Name or OID of the TE user to delete.

<name>

For example:

tecommander deluser -n jUser

Remove TE User Group (delusergrp)

The delusergrp command is used to permanently delete a user group from TE.

Option (Short,Long Form)
Arguments Description

-n, --name Name or OID of the TE user group to delete.

<name>

For example:

tecommander delusergrp -n “NERC Test Users”

Tripwire Enterprise Commander 8.7.4 User Guide 34 Tripwire Inc.

Edit TE User (edituser)
The edituser command is used to edit an existing TE user’s information, assigned role, group
membership, and/or assigned homepages.

Option (Short,Long Form)
Arguments Description

-d, --description Description of the user.

<description>

-e, --email User’s email.

<email>

-g, --groups List of groups the user should belong to.

<groups>

-H, --homepages List of homepages the user should belong to.

<homepages>

-j, --asJSON Output created user’s info as JSON.

-n, --name [Required] User’s name.

<name>

-r, --role Role to assign to user.

<role>

--userpassword Password to assign to user.

<password>

For example:

tecommander edituser -n jUser -g “NERC Users” -h “NERC Overview”

Edit TE User Group (editusergrp)

The editusergrp command is used to update an existing TE user group.

Option (Short,Long Form)
Arguments Description

-d, --description Description of the user group.

<description>

-j, --asJSON Output updated user group as JSON.

-n, --name [Required] Name of the TE user group to edit.

<name>

-N, --newgroupname New name for the TE user group.

<name>

For example:

tecommander editusergrp -n “NERC Admins” -N “NERC Administrators”

-d “Users responsible for managing NERC assets in TE”

Tripwire Enterprise Commander 8.7.4 User Guide 35 Tripwire Inc.

Element Count (elementcount)
The elementcount command is used to get an element count based on the provided criteria. A
node group and a rule object are required to prevent out-of-control result sets. Key options are:

Option 
(Short,Long Form)
Arguments Description

-B,--orphaned If specified, only orphan (unchecked) elements are included. Otherwise, all

elements are included.

-e,--elementname Include any elements with a name that matches the specified pattern.
<name>

-n,--node Include any nodes with a name that matches the specified pattern.
<name>

-r,--rule (Required) Include elements associated with the specified rule.

<name>

-v,--current_versions Current Version string. 

<currentVersion>
Valid values for <currentversion> include any or all of the following:
(B)aseline, (A)ddition, (M)odification, (R)emoval.  For example: BAM

-w,--nodegroup (Required) Node group name.

<name>

-x,--rulegroup Rule group names.

<name>

For example:

Count all elements containing "opt/java/dev" on any node in the node group "Monitoring
Enabled" collected by the "TEIF" rule:

tecommander elementcount -w "Monitoring Enabled" -r "TEIF" -e /opt/java/dev

Export (export)
The export command is used to export any object type supported by the SOAP API export
command. Specify the object to export and the full path of the desired export file.

When exporting version content, the node and element name are minimum requirements. With
these specs alone, the most recent baseline version is exported UNLESS the –Y option is used.
In this case, the most recent version is exported. Additionally, specifying the version date (as
displayed in the TE user interface) will restrict the export to the requested version. 

Tripwire Enterprise Commander 8.7.4 User Guide 36 Tripwire Inc.

 The key options for the command are:

Option (Short,Long Form)
Arguments Description

-a,--action Action name

<name>

-c,--policytest Policy test name

<name>

-e,--elementname Element name

<name>

-J,--reportgroup Report group name

<name>

-j,--report Report name

<name>

-K,--taskgroup Task group name

<name>

-k,--task Task name

<name>

-m,--logoid Log message OID

<oid>

-n,--node Node name

<name>

-o,--outputfile Full path to the output file location.

<outputfile>
Note: The destination folder must already exist when running this
command.

-r,--rule Rule name

<name>

-S,--settings Used to export settings.

-v,--versionlabel Version name (GUI Date/Time stamp)

<timestamp>

-w,--nodegroup Node group name

<name>

-x,--rulegroup Rule group name

<name>

-Y,--currvers If specified when exporting elements, gets the current version instead
of the baseline version.

-y,--actiongroup Action group name

<name>

-z,--policytestgroup Policy test group name

<name>

For example:
tecommander export -w "Node Group" -o Node_export_file.xml

Tripwire Enterprise Commander 8.7.4 User Guide 37 Tripwire Inc.

Find (find)
The find command is used to find and display details for a groupable TE groupable
object. Wildcards are permitted.  The key options for the command are:

Option (Short,Long Form)
Arguments Description

-a,--action Action name

<name>

-c,--policytest Policy test name

<name>

-j,--report Report name

<name>

-J,--reportgroup Report group name

<name>

-k,--task Task name

<name>

-K,--taskgroup Task group name

<name>

-n,--node Node name

<name>

-r,--rule Rule name

<name>

-w,--nodegroup Node group name

<name>

-x,--rulegroup Rule group name

<name>

-y,--actiongroup Action group name

<name>

-Y,--searchips Search assets for IP address

-z,--policytestgroup Policy test group name

<name>

Tripwire Enterprise Commander 8.7.4 User Guide 38 Tripwire Inc.

Find Hashes (findhash)
The findhash command is used to retrieve any element versions containing the specified hash
(es). If the -H option is used, you can provide up to 10 comma-delimited hash values and see any
version info matching the hash(es). If the -i option is used, you can specify a text file containing
a mix of MD5, SHA-1, SHA-256 or ShA-512 hashes (one hash per line).

Key options are:

Option (Short,Long Form)
Arguments Description

-H,--hash_values Up to 10 comma-delimited hashes can be included on the command

<hash_value(s)> line.

-i,--inputfile Full or relative path to a plain text file with hashes.

<filePath>

For example:

tecommander findhash -H
5bf0a775ab633ad3c289cde39c5d553c9d580f35,e2be805bc142baea4dc327e817aa27ac9c01e25a

tecommander findhash -i hashes.txt

Find TE Roles (findroles)

The findroles command is used to locate TE roles.

Option 
(Short,Long Form)
Arguments Description

-a, --administrator Flag indicating that when searching, only roles with full administrator
permissions should be considered.

-b, --builtin Flag indicating that only built-in roles should be searched.

-d, --description List of descriptions to search for.

<description>

-j, --asJSON Output updated user group as JSON.

-n, --name List of role names or OIDs to search for.

<name>

For example:

tecommander findroles -j -b

Tripwire Enterprise Commander 8.7.4 User Guide 39 Tripwire Inc.

Find TE User Groups (findusergrps)
The findusersgrps command is used to locate TE user groups.

Option (Short,Long Form)
Arguments Description

-b, --builtin Flag indicating only built-in user groups should be searched.

-d, --description List of descriptions to locate.

<description>

-j, --asJSON Output user group information as JSON.

-n, --name List of group names or OIDs to locate.

<name>

For example:

tecommander findusergrps -n “NERC Users, NERC Administrator”

Find TE Users (findusers)

The findusers command is used to locate TE users.

Option (Short,Long Form)
Arguments Description

-b, --builtin Flag indicating only built-in accounts should be searched.

-d, --description List of descriptions to search for.

<description>

-e, --email List of user emails to search for.

<email>

-j, --asJSON Output user information as JSON.

-n, --name List of user names or OIDs to search for.

<name>

-r, --role Role that the users have currently assigned.

<role>

For example:

tecommander findusers -n “jUser, jBond, sSmith”

Tripwire Enterprise Commander 8.7.4 User Guide 40 Tripwire Inc.

Import (import)
The import command is used to import any object type supported by the SOAP API export
command. Specify the target group where the object(s) should be imported and the full path to
the export file to be imported.  If importing settings, do not specify a target object.

The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-B,--importsettings Specifies that this is a settings import.

-i,--inputfile XML export file location.

<inputfile>

-J,--reportgroup Report group name

<name>

-K,--taskgroup Task group name

<name>

-w,--nodegroup Node group name

<name>

-x,--rulegroup Rule group name

<name>

-y,--actiongroup Action group name

<name>

-Y,--acceptconflicts Yes, accept all conflicts from import file.

-z,--policytestgroup Policy test group name

<name>

For example:

tecommander import -x "Root Node Group" -i ..\temp\ruleExport.xml

License Information (licenseinfo)

The licenseinfo command is used to list all license information for the current TE Console.
There are no key options for this command. The output includes the current number of available
and used licenses of each type on the Console.

Tripwire Enterprise Commander 8.7.4 User Guide 41 Tripwire Inc.

Link (link)
The link command is used to link existing objects to an existing group of the same type.  The
key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-a,--action Action name(s)

<name1;[name2;etc]>

-c,--policytest Policy test name(s)

<name1;[name2;etc]>

-j,--report Report name(s)

<name1;[name2;etc]>

-J,--reportgroup Report group name(s)

<name1;[name2;etc]>

-k,--task Task name(s)

<name1;[name2;etc]>

-K,--taskgroup Task group name(s)

<name1;[name2;etc]>

-n,--node Node name(s)

<name1;[name2;etc]>

-r,--rule Rule name(s)

<name1;[name2;etc]>

-t,--to The name of the group to link to.

<name>

-w,--nodegroup Node group name(s)

<name1;[name2;etc]>

-W,--wait Minutes to wait after command is complete

<minutes> before continuing.

-x,--rulegroup Rule group name(s)

<name1;[name2;etc]>

-y,--actiongroup Action group name(s)

<name1;[name2;etc]>

-z,--policytestgroup Policy test group name(s)

<name1;[name2;etc]>

For example:

tecommander link -x "New Rule Group" -t "Root Rule Group"

Tripwire Enterprise Commander 8.7.4 User Guide 42 Tripwire Inc.

List Custom Properties (listcustprops)
The listcustprops command is used to list all NON-DEFAULT values of custom node
properties (in CSV format by default) for a single node or nodes within a node group (if the -w
option is used).  The key options for the command are:

Option (Short,Long Form)
Arguments Description

-n,--node Node name

<name>

-w,--nodegroup Node group name

<name>

-Y,--OLD_FORMAT Use old, linear format

For example:

tecommander listcustprops -n teconsole

List Event Settings (listnodeeventsettings)

The listnodeeventsettings command retrieves event/audit settings about nodes in the
specified node group and outputs it in CSV format. The only option is:

Option (Short,Long Form)
Arguments Description

-w,--nodegroup Node group name

<name>

List Nodes with Custom Properties (listnodes)

The listnodes command is used to list all nodes with the specified custom property value.  The
key options for the command are:

Option (Short,Long Form)
Arguments Description

-B,--propertytype Custom property type.

<type>
<type> can be [yesno|select|text] only.
-N,--propertyname Custom property name.
<name>

-V,--propertyvalue Custom property value.

<value>

For example:
tecommander listnodes -B yesno -N "In Scope" -V Yes

Tripwire Enterprise Commander 8.7.4 User Guide 43 Tripwire Inc.

List Parents (listparents)
The listparents command is used to list all parent object groups for the specified object.  The
key options for the command are:

Option (Short,Long Form)
Arguments Description

-a,--action Action name

<name>

-c,--policytest Policy test name

<name>

-j,--report Report name

<name>

-J,--reportgroup Report group name

<name>

-k,--task Task name

<name>

-K,--taskgroup Task group name

<name>

-n,--node Node name

<name>

-r,--rule Rule name

<name>

-w,--nodegroup Node group name

<name>

-x,--rulegroup Rule group name

<name>

-y,--actiongroup Action group name

<name>

-z,--policytestgroup Policy test group name

<name>

List Rules (listrules)

The listrules command retrieves a list of all rules associated with a node. The only option for the
command is:

Option (Short,Long Form)
Arguments Description

-N,--node_name Node name

<name>

Tripwire Enterprise Commander 8.7.4 User Guide 44 Tripwire Inc.

List Tree (listtree)
The listtree command is used to list the contents of object groups and all sub-trees. If the the -
Y option is used, the command will display the full hierarchy path for each object.  The key
options for the command are:

Option (Short,Long Form)
Arguments Description

-b,--nongroupflat Display non-group objects in a flat list.

-J,--reportgroup Report group name

<name>

-K,--taskgroup Task group name

<name>

-w,--nodegroup Node group name

<name>

-x,--rulegroup Rule group name

<name>

-Y,--fullpaths If specified, display hierarchical paths.

-y,--actiongroup Action group name

<name>

-z,--policytestgroup Policy test group name

<name>

For example:

tecommander listtree -x "Critical Rules"

List Variables (listvars)

The listvars command is used to list all local node variables, either for a single node or each
node in a node group.  The key options for the command are:

Option (Short,Long Form)
Arguments Description

-n,--node Node name

<name>

-w,--nodegroup Node group name

<name>

For example:

tecommander listvars -w "Node Group"

Tripwire Enterprise Commander 8.7.4 User Guide 45 Tripwire Inc.

List Element Versions (listversions)
The listversions command is used to list versions of the specified element(s). Options are:

Option (Short,Long Form)
Arguments Description

-e,--elementname Element name

<name>

-n,--node Node name

<name>

Mass Element Delete (masselementdelete)

The masselementdelete command is used to delete a large number of elements on a per-node
basis.  This is basically a command-line function for element searching and deleting when just
deleting the rule won't do.  A node group and a rule object are required for safety purposes.

The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-B,--checked If set to true, only delete currently checked elements.

<true|false>
The default value is false.

-e,--elementname Element name pattern

<name>

-n,--node Node name pattern

<name>

-r,--rule Rule name

<name>

-v,--current_ Current version string. 

versions
<type> <type> can be any or all of the following:
(B)aseline, (A)ddition, (M)odification, (R)emoval.  For example: BAM

-w,--nodegroup Node group name (Required)

<name>

-x,--rulegroup Rule group name

<name>

-Y,--countonly Only display a count of elements. No elements will be deleted.

For example:

masselementdelete -n tecon -w "Monitoring Enabled" -r "TEIF” -e /opt/java/dev

This command will delete all elements containing opt/java/dev on any node containing tecon
in the node group Monitoring Enabled collected by the TEIF rule. 

Tripwire Enterprise Commander 8.7.4 User Guide 46 Tripwire Inc.

Mass Node Populate (massnodepop)
The massnodepop command is used to create an export file containing multiple nodes created
from a list of nodes and a single "model" node export file.

The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-i,--inputfile Input text file with a list of nodes. Formatting options for this file are:
<inputfile>
1) Node name only
2) Node name and description, separated by a comma

-o,--outputfile Full path to the location where the output XMLfile will be created.
<outputxslxfile>

-t,--nodetype The type of nodes to be created. Valid values for <type> are:
<type>
l ND for Network Device nodes
l SQLServerNode for SQL Server nodes
-X,--model Full path to the "model" node export XML file.
<path>

Tripwire Enterprise Commander 8.7.4 User Guide 47 Tripwire Inc.

Move (move)
The move command is used to move an object or group from one group to another. The -f option
specifies the From group and -t specifies the To or target group.  In addition, you can provide a
matching pattern for nodes to be moved.  The key options for the command are:

Option (Short,Long Form)
Arguments Description

-a,--action Action name(s)

<name1[;name2;etc]>

-c,--policytest Policy test name(s)

<name1[;name2;etc]>

-f,--from From group name

<fromgroup>

-j,--report Report name(s)

<name1[;name2;etc]>

-J,--reportgroup Report group name(s)

<name1[;name2;etc]>

-k,--task Task name(s)

<name1[;name2;etc]>

-K,--taskgroup Task group name(s)

<name1[;name2;etc]>

-n,--node Node name(s)

<name1[;name2;etc]>

-r,--rule Rule name(s)

<name1[;name2;etc]>

-t,--to To group name

<togroup>

-w,--nodegroup Node group name(s)

<name1[;name2;etc]>

-x,--rulegroup Rule group name(s)

<name1[;name2;etc]>

-y,--actiongroup Action group name(s)

<name1[;name2;etc]>

-z,--policytestgroup Policy test group name(s)

<name1[;name2;etc]>

For example:

tecommander move -x "Rules to Move" -f "From Directory" -t "To Directory"

Tripwire Enterprise Commander 8.7.4 User Guide 48 Tripwire Inc.

Point-in-time Report (pointintime)
The pointintime command is used to generate a point-in-time report for a node object/rule
object pair. Specify a semicolon-separated list of node objects, a semicolon-separated list of rule
objects, and a date/time string (locale-based).

Options are:

Option (Short,Long Form)
Arguments Description

-A,--attribs If specified, show attributes.

-C,--content If specified, show content.

-D,--datestamp Date for the report in the current version locale. 

<date:time> Default (US) is "M/d/yy hh:mm aa"

-n,--node Node name(s)

<name1[;name2;etc]>

-r,--rule Rule name(s)

<name1[;name2;etc]>

-w,--nodegroup Node group name(s)

<name1[;name2;etc]>

-x,--rulegroup Rule group name(s)

<name1[;name2;etc]>

Example:

tecommander pointintime -w "mynode1.example.com;mynode2.example.com" -x

"Application Rules" -D "11/12/13 4:15 PM"

Tripwire Enterprise Commander 8.7.4 User Guide 49 Tripwire Inc.

Promote (promote)
The promote command is used to promote, either by match using a specified manifest and node
object, or by specifying a node and element name combination. Specify the match file, promotion
type, approval ID, promotion comment, and the target node or node group OR specify the node
and element name along with the approval ID and promotion comment.

The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-A,--apprid Approval identifier

<value>

-C,--comment Promotion comment, in double quotes.

<text>

-e,--elementname Element name

<name>

-i,--inputfile Full path to the manifest file

<inputfile>

-n,--node Node name

<name>

-S,--strategy Promote strategy

<type>
<type> must be either elementNames or
elementNamesAndHashes. This option is required if
you are providing a manifest file.

-w,--nodegroup Node group name

<name>

For example:

tecommander promote -n mynode -e "goodvers.txt -A "CHG1234" -C "Promotion comment"

Tripwire Enterprise Commander 8.7.4 User Guide 50 Tripwire Inc.

Rename (rename)
The rename command is used to rename an existing groupable object to the value specified by
the -N option. Using the –S option instead of –N will, if the object is a group, add the text to the
end of the name of all child groups.

The key options for the command are:

Option (Short,Long Form)
Arguments Description

-a,--action Action name or OID

<name>

-c,--policytest Policy test name or OID

<name>

-j,--report Report name

<name>

-J,--reportgroup Report group name or OID

<name>

-k,--task Task name or OID

<name>

-K,--taskgroup Task group name or OID

<name>

-n,--node Node name or OID

<name>

-N,--newname New name

<name>

-r,--rule Rule name or OID

<name>

-S,--suffix Suffix text

<text>

-w,--nodegroup Node group name or OID

<name>

-x,--rulegroup Rule group name or OID

<name>

-y,--actiongroup Action group name or OID

<name>

-z,--policytestgroup Policy test group name or OID

<name>

For example:

tecommander rename -n teconsole_old -N teconsole_new

Tripwire Enterprise Commander 8.7.4 User Guide 51 Tripwire Inc.

Rename to Hostname (renametohostname)
The renametohostname command tries to identify nodes by their known names using two
methods:

l Method 1 retrieves the hostname from the Agent itself using a rule that captures the
hostname in a specified element and uses that name to rename the node. This method is
used by default, unless the -L option is specified.
l Method 2 executes a reverse lookup operation, retrieving the hostname from the default
DNS and using that name to rename the node.

This command can be executed against a single Agent node, a node group's immediate child
nodes, or all nodes descending from a node group. There is also an option to only rename nodes
whose name is an IP address. This is currently required for the reverse lookup method.

Options are:

Option 
(Short,Long Form)
Arguments Description

-C,--case Specify optional hostname case conversion, if desired. 

<toUpper|toLower>

-e,--elementname The name of the element used to store the hostname using Method 1,
<name> above.

-L,--revlookup Uses reverse lookup instead of element content. See description above.

-n,--node Node name

<name>

-R,--recurse If a node group is specified with the -w option, specify whether to

<Immediate|All)> recurse immediate child nodes (default) or all child nodes.

-w,--nodegroup Node group name

<name>

-Y,--ipsonly Rename only if node name is an IP address.

Tripwire Enterprise Commander 8.7.4 User Guide 52 Tripwire Inc.

Report (report)
The report command is used generate reports via the command line. Report criteria can be
specified including nodes, rules, or actions and their corresponding groups. In addition, a
matching pattern can be provided for moving nodes. The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-c,--policytest Policy test name

<name>

-D,--date This can be a Since date (single date value) or date range (two date values,
<dateordates> comma-separated).
The date format is: MM/dd/yyyy HH:mm:ss (using a 24-hour clock)

-F,--format The report output format.

<format>
<format> can be xml , pdf, html or csv (if supported by the selected report
type). The default value is XML.

-n,--node Node name

<name>

-o,--outputfile Full path to report output file.

<outputfile>

-P,--reportparms Report parameters. See below for details.

<parms>

-r,--rule Rule name

<name>

-t,--template Report template. If specified, the command will create a new report.
<templatename>
If not specified, the command will attempt to locate an existing report with the
name specified by the -T option.

-T,--reporttitle Report title

<title>

-w,--nodegroup Node group name

<name>

-x,--rulegroup Rule group name

<name>

-z,-- Policy test group name

policytestgroup
<name>

If not using an existing report, report criterion can be specified on the command line with the -P
option.  The following report criterion are supported.

BooleanCriterion – 2 parameters; the name of the criterion and the value, true or false.
MatchCriterion – 3 parameters; the name of the criterion, the type (contains, excludes,
etc.) and the value to match
SelectCriterion – 3 parameters; the name of the criterion, the display value and the actual value

Tripwire Enterprise Commander 8.7.4 User Guide 53 Tripwire Inc.

 SeverityRangeCriterion – 3 parameters; the name of the criterion, the low value of the
severity range and the high value of the severity range.
IntegerCriterion – 2 parameters; the name of the criterion and the integer value
WeightCriterion – 3 parameters; the name of the criterion, the low weight integer value
and the high weight integer value
RelativeTimeRangeCriterion – 4 parameters; the name of the criterion, the integer
value, the unit of time and the string display value (i.e. “In the last 3 days”)
LogCategoryCriterion – 2 parameters; the name of the criterion and the string value
LogLevelCriterion – 2 parameters; the name of the criterion and the string value (only
‘error’ and ‘info’ supported)
RelativeTimeRangeCriterion - 3 parameters; the numeric value of the period, the period
("day" "hour" "month" "week" "year") and the displayValue (eg. "In the last 30 days").
Only one RTRC allowed per report.
AbsoluteTimeRangeCriterion - 2 parameters; startDateTime and endDateTime where
datetime format is "M/d/yy h:mm aa" eg. "11/12/13 4:15 PM. (Only one ATRC is allowed
per report)
The -P parameter is specified by denoting different Criterion types separated by a colon, as in:

-P <CriterionType>,<critparm_1>,<critparm_2>,<critparm_n>:
<NextCriterionType>,<nextcritparm_1>,<nextcritparm_2>,<nextcritparm_n>, etc.

Report criterion are grouped by type.  In other words, specify all BooleanCriterion together,
starting with “BooleanCriterion” then the name/value pairs as shown here:

BooleanCriterion,currentVersionsOnly,false,displayCriteriaAtEnd,true,displayUsers,true

If there are different criterion required for the same report, separate each type of Criterion with
a single colon character as shown here:

BooleanCriterion,currentVersionsOnly,false,displayCriteriaAtEnd,true,displayUsers,tru
e:SelectCriterion,elementExists,Yes,yes:MatchCriterion,approvalId,contains,CRQ1234

If hard dates are required as opposed to relative time ranges, the –D option can be used instead of a
RelativeTimeRangeCriterion.  If one datetime string is specified, it will be interpreted as a ‘since
date’.  If two datetime strings are found (comma-separated), they will be considered a range.

A full working example of a report command might look like this:

tecommander.cmd report -T "Detailed Changes Report" -P

BooleanCriterion,currentVersionsOnly,false,displayCriteriaAtEnd,true,displayUsers,
true:SelectCriterion,elementExists,Yes,yes:MatchCriterion,approvalId,contains,KPF
-F PDF -o d:\dev\test\detailedchanges.pdf -t detailedchanges_rpt -n
mynode.mycorp.com –s localhost –u administrator -p passphrase

The report command supports the following report templates:

l unreconciledchangeaging_rpt

l systemlog_rpt

Tripwire Enterprise Commander 8.7.4 User Guide 54 Tripwire Inc.

 l referencenodevariance_rpt
l scoringhistory_rpt
l policyscorecard_rpt
l remediationassessment_rpt
l scoring_rpt
l detailedwaivers_rpt
l detailedtestresults_rpt
l nodeswithchanges_rpt
l detailedtestinventory_rpt
l freqchangednodes_rpt
l detailedchanges_rpt
l userrolesall_rpt
l remediationworkorders_rpt
l frequentlychangedelements_rpt
l baselineelements_rpt
l deviceinventory_rpt
l lastnodecheckstatus_rpt
l inventorychange_rpt
l changesbyseverity_rpt
l changerate_rpt
l systemaccesscontrol_rpt
l unmonitorednodes_rpt
l changesbynodeorgroup_rpt
l monitoringpolicy_rpt
l changewindow_rpt
l changeprocesscompliance_rpt
l testresultsbynode_rpt
l compliancehistory_rpt
l elements_rpt
l tasks_rpt
l userroles_rpt
l missingelements_rpt
l changesbyruleorgroup_rpt
l changedelements_rpt
l compositechanges_rpt
l elementcontents_rpt
l changevariance_rpt
l unchangedelements_rpt
l remediationworkordersummary_rpt

Tripwire Enterprise Commander 8.7.4 User Guide 55 Tripwire Inc.

Restart Agent (restartagent)
The restartagent command is used to restart a single Agent or each Agent in a node group or
supported report.  The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-i,--inputfile An existing XML report file listing nodes to be restarted.

<inputfile>
Supported report templates are:
Device Inventory Report
System Log Report
Nodes with Changes Report
Llast Node Check Status Report

-n,--node The name of the node with the Agent to be restarted.

<name>

-R,--report If specified, TE Commander runs the specified report and restarts the Agent on
<name> all nodes listed in the report.
Supported report templates are:
Device Inventory Report
System Log Report
Nodes with Changes Report
Llast Node Check Status Report

-w,--nodegroup The name of a node group. The Agents on all nodes in this group will be
<name> restarted.

-Y,--refresh Refresh the local cache.

For example:

tecommander restartagent -n teconsole -Y

Tripwire Enterprise Commander 8.7.4 User Guide 56 Tripwire Inc.

Delete or Disable User (retireuser)
The retireuser command is used to delete or disable users based on the amount of inactive
days. Options are:

Option 
(Short,Long Form)
Arguments Description

-d,--disable_days (Required) Disable all user accounts with at least this many days of inactivity.
<number>

-i,--inputfile (Optional) Full or relative path to a text file with a list of user account names to
<filePath> ignore.

-r,--remove_days (Required) Remove all user accounts with at least this many days of inactivity.
<number>

Run Action (runaction)

The runaction command is used to run an existing action or action group against the specified
node group, node, or element. Specify the action or action group to run and the object to run the
action against. Options are:

Option (Short,Long Form)
Arguments Description

-a,--action Action name

<name>

-e,--elementname Element name

<name>

-n,--node Node name

<name>

-w,--nodegroup Node group name

<name>

-y,--actiongroup Action group name

<name>

Tripwire Enterprise Commander 8.7.4 User Guide 57 Tripwire Inc.

Run Policy Test (runpolicytests)
The runpolicytests command is used to run policy tests. Specify a semicolon-separated list of
policy test groups and an optional semicolon-separated list of node names. Options are:

Option (Short,Long Form)
Arguments Description

-n,--node Node name(s)

<name1[;name2;etc]>

-w,--nodegroup Node group name(s)

<name1[;name2;etc]>

-z,--policytestgroup Policy test group name(s)

<name1[;name2;etc]>

For example:

runpolicytests -z "Some Policy Tests" -n "mynode.example.com"

Run Task (runtask)

The runtask command is used to run an existing task.  The key options for the command are:

Option (Short,Long Form)
Arguments Description

-k,--task Task name

<name>

-Y,--background Run in background

For example:

tecommander runtask -k "Check Rule Task"

Tripwire Enterprise Commander 8.7.4 User Guide 58 Tripwire Inc.

Search Log (searchlog)
The searchlog command is used to list all log messages matching specified criteria to stdout, or
to list the nodes associated with log messages with those criteria. The key options for the
command are:

Option (Short,Long Form)
Arguments Description

-C,--categories One or more log message categories. If multiple categories are

<category1[,category2,etc]> specified, they must be comma-delimited and case-sensitive.

-H,--hours Limit search to the specified previous number of hours.

<number>

-l,--loglevel Log message level .

<ERROR|INFO>

-m,--msgsearch Text to search for in message.

<text>

-t,--displayobject Display either the nodes associated with the log message (the
<nodes|messages> default) or the messages themselves.

This example searches for nodes with errors messages in the last 72 hours:

tecommander searchlog -l ERROR -H 72 -t nodes

This example searches for “System” error messages in the last 12 hours:

tecommander searchlog -l Error -H 12 -t messages -c "System"

Tripwire Enterprise Commander 8.7.4 User Guide 59 Tripwire Inc.

Set Custom Property (setcustprop)
The setcustprop command is used to set a custom property to the specified value. Specify one
or more nodes with node properties to change using the -n option. To change element properties,
you must also specify an element name with the -e option. You may set multiple custom values
in the same command.

The -i option can be used to specify an existing detailed changes report (in XML format) with a
list of versions whose version properties should be changed. 

The key options for the command are:

Option (Short,Long Form)
Arguments Description

-B,--propertytype Custom property type(s)

<yesno|select|text|date>

-e,--elementname Element name

<name>

-i,--inputfile The path to an existing Detailed Changes report in XML format that lists
<inputfile> versions with custom properties that should be changed.

-n,--node Node name(s)

<name1[;name2;etc]>

-N,--propertyname Custom property name(s)

<name1,name2,etc>

-V,--propertyvalue Custom property value(s)

<value1,value2,etc>
For date properties, _NOW_ is supported for date values.

-w,--nodegroup Node group name

<name>

For example:

tecommander setcustprop -n teconsole -N "Auto-promote BAU Changes" -B yesno -V No

Tripwire Enterprise Commander 8.7.4 User Guide 60 Tripwire Inc.

Set Description (setdesc)
The setdesc command is used to set the Description field of a TE object to the value specified
by the -d parameter.  In addition, the specified text can added as a prefix or suffix to the existing
Description. Options are:

Option (Short,Long Form)
Arguments Description

-a,--action Action name

<name>

-c,--policytest Policy test name

<name>

-d,--description Description text

<text>

-j,--report Report name

<name>

-J,--reportgroup Report group name

<name>

-k,--task Task name

<name>

-K,--taskgroup Task group name

<name>

-n,--node Node name

<name>

-P,--pfxtext If specified, use specified text as a prefix to the existing description.

-r,--rule Rule name

<name>

-S,--sfxtext If specified, use specified text as a suffix to the existing description.

-w,--nodegroup Node group name

<name>

-x,--rulegroup Rule group name

<name>

-y,--actiongroup Action group name

<name>

-z,--policytestgroup Policy test group name

<name>

Tripwire Enterprise Commander 8.7.4 User Guide 61 Tripwire Inc.

Set Node Licenses (setnodelicenses)
The setnodelicenses command is used to enable or disable licenses of a single node, nodes in a
specified node group, or nodes in a report file. Options are:

Option 
(Short,Long Form)
Arguments Description

-i,--inputfile The path to an existing XML file listing nodes to have licenses changed.
<file>
Supported report types are: deviceinventory_rpt, systemlog_rpt,
nodeswithchanges_rpt, and lastnodecheckstatus_rpt.

-l,--options Options string listing which licenses to enable and disable for the selected nodes.
<text> The license types are Change Audit, Configuration Assessment, and Automated
Remediation.

The format for <text> is :

CHG=<true or false>::CFG=<true or false>::REM=<true or false>

-n,--node Name of the node to have its license changed.

<name>

-R,--report If specified, TE Commander will run the specified report and change the licenses
<name> for all nodes included in the report.
Supported report types are: deviceinventory_rpt, systemlog_rpt,
nodeswithchanges_rpt, and lastnodecheckstatus_rpt.

-w,--nodegroup Node group name.  Any licensing changes will occur on ALL nodes in the node
<name> group hierarchy.

Set Node Status (setnodestatus)

The setnodestatus command is used to set the status of a single node, nodes in a specified node
group, or nodes in a report to either disabled or enabled.  The key options for the command are:

Option 
(Short,Long Form)
Arguments Description

-i,--inputfile The path to an existing XML file listing nodes to have their status changed.
<inputfile>
Supported report templates are:
Device Inventory Report
System Log Report
Nodes with Changes Report
Llast Node Check Status Report

-n,--node Name of the node to have its license changed.

<name>

Tripwire Enterprise Commander 8.7.4 User Guide 62 Tripwire Inc.

 Option 
(Short,Long Form)
Arguments Description

-R,--report If specified, TE Commander with run the specified report and change the status
<name> for all nodes included in the report.
Supported report templates are:
Device Inventory Report
System Log Report
Nodes with Changes Report
Llast Node Check Status Report

-S,--enable Change the status (true=enable, false=disable).

<true|false>

-w,--nodegroup Node group name.  Any status changes will occur on ALL nodes in the node
<name> group hierarchy.

For example:

tecommander setnodestatus -n teconsole -S true

Set Variables (setvariable)

The setvariable command is used set global or local, text or password variables.

l If one or more nodes or node groups are specified, a local text variables will be set for all
of the specified node(s).
l If no node or node group is specified, a global variable will be set.
l If the -Y option is specified, a global password variable will be set.
Options are:

Option (Short,Long Form)
Arguments Description

-n,--node Node name(s)

<name1[;name2;etc]>

-N,--varname Variable name

<name>

-V,--varvalue Variable value

<value>

-w,--nodegroup Node group name(s)

<name1[;name2;etc]>

-Y,--ispassword Yes, this is a password variable.

Set a local text variable for the node "teconsole":

tecommander setvariable -N "MY LOCAL TEXT VARIABLE" -V THISISTHEVALUE -n teconsole

Set a global password variable:

setvariable -Y -N "A GLOBAL PW VARIABLE" -V 12341234

Tripwire Enterprise Commander 8.7.4 User Guide 63 Tripwire Inc.

Support Package (supportpkg)
The supportpkg command builds a support zip package to be used by Tripwire Support. There
are no options for this command.

Unlink (unlink)
The unlink command is used to unlink existing objects from an existing group of the same type.
Specify the object to unlink and the object group to be unlinked from. The key options for the
command are:

Option 
(Short,Long Form)
Arguments Description

-a,--action Action name(s)

<name1[;name2;etc]>

-c,--policytest Policy test name(s)

<name1[;name2;etc]>

-f,--from Group to unlink from.

<fromgroup>
Using "*" (quotes required) as the <fromgroup> unlinks from all parent
groups.

-j,--report Report name(s)

<name1[;name2;etc]>

-J,--reportgroup Report group name(s)

<name1[;name2;etc]>

-k,--task Task name(s)

<name1[;name2;etc]>

-K,--taskgroup Task group name(s)

<name1[;name2;etc]>

-n,--node Node name(s)

<name1[;name2;etc]>

-r,--rule Rule name(s)

<name1[;name2;etc]>

-w,--nodegroup Node group name(s)

<name1[;name2;etc]>

-x,--rulegroup Rule group name(s)

<name1[;name2;etc]>

-y,--actiongroup Action group name(s)

<name1[;name2;etc]>

-z,--policytestgroup Policy test group name(s)

<name1[;name2;etc]>

For example:

tecommander unlink -n teconsole -f "Parent Group"

Tripwire Enterprise Commander 8.7.4 User Guide 64 Tripwire Inc.

Manage User Accounts (usermgmt)
The usermgmt command is ued to manage TE user accounts based on LDAP / Active Directory.
Options are:

Option 
(Short,Long Form)
Arguments Description

-a,--action Action to take if user does not exist in Active Directory but does in TE.
<action>

-D,--domain Active Directory domain.

<name>

-g,--groups Comma-delimited list of valid TE groups to assign to the users.

<names>

-O,--overwrite Overwrite existing user with new settings.

-P,--adpass Password of the user connecting to Active Directory.

<password>

-R,--role Valid TE role to assign to the user(s).

<name>

-S,--dirsearch Valid Directory syntax. [(CN=John Doe) or (CN=My Group)]

<dir>

-T,--typesearch Search Type: group or user

<type>

-t,--timeout AD connection timeout - number of seconds before application quits.

<seconds>
Default is 10 seconds.

-U,--user AD User DN - Distinct Name of the user to connect to Active Directory

<name> with.

Tripwire Enterprise Commander 8.7.4 User Guide 65 Tripwire Inc.

Appendix A – Sample Script Using Multiple Commands

The sample script below performs the following actions on the sample nodes tw1.example.com,
tw2.example.com, and tw3.example.com:

1. Moves the nodes from the Discovered node group to a platform-related node group.
2. Links the nodes to the appropriate application-related node group(s).
3. Sets a custom node property that indicates whether or not the node is in a production
environment.
4. Changes the default node description to include the name of the application running on the
node.

Sample script:

move -n tw1.example.com -f Discovered -t "Windows"

link -n tw1.example.com -t "MDNB Application"

setcustprop -n tw1.example.com -N "Test or Dev Server/Device" -B yesno -V No

setdesc -n tw1.example.com -d "MDNB Application Test” 

move -n tw2.example.com -f Discovered -t "Windows"

link -n tw2.example.com -t "MDNB Application"

setcustprop -n tw2.example.com -N "Test or Dev Server/Device" -B yesno -V No

setdesc -n tw2.example.com -d "MDNB Application Test" 

move -n tw3.example.com -f Discovered -t "Windows"

link -n tw3.example.com -t "MDNB Application"

setcustprop -n tw3.example.com -N "Test or Dev Server/Device" -B yesno -B No

setdesc -n tw3.example.com -d "MDNB Application Test" 

Tripwire Enterprise Commander 8.7.4 User Guide 66 Tripwire Inc.