6 Replies Latest reply on May 21, 2014 10:38 AM by evanr

    Log & Event Manager v6.0 RC Now Available: File Integrity Monitoring Included!

    cobrien

      The time has come for yet another Log & Event Manager (LEM) Release Candidate! The RC is already available on the Customer Portal for all LEM customers under maintenance. Release Candidates can be deployed in production and are fully supported by our awesome support team. Read on to find out what new features you can play with in this RC!


      File Integrity Monitoring for Windows


      File Integrity Monitoring, or FIM, tracks events that occur in the file system.  There are many events that occur in the file system, but most likely you're interested in things like file creates, reads, writes, deletes, permission changes, and so on.  As with all data sources in LEM, FIM is a connector.  To get FIM up and working, click Manage > Nodes, click the gear next to your node, and hit Connectors.  There you'll see the two new FIM connectors:

      [Image: FIM Connectors.png]


      We'll come back to the registry connector in a minute.  Adding a new FIM File and Directory connector brings you into the first FIM configuration screen:

      [Image: FIM File and Directory Monitors.png]


      From here you can apply one of our bundled templates as you can see on the left, or create your own custom monitors.  Custom monitors allow you to create sets of conditions, with each condition containing granular configuration of exactly what file system events you're interested in monitoring:

      [Image: FIM File and Directory Conditions.png] [Image: FIM File and Directory Add Condition.png]


      LEM lets you browse the file system of your remote node right from the manager UI making it that much easier to specify directories:

      [Image: FIM File and Directory Remote Browse.png]


      FIM makes full use of templates.  You can use ours, add to ours, create your own, share between administrators, and so on.  We've also extended this FIM logic to the Windows registry.  Take a look:

      [Image: FIM Registry.png]


      You can find FIM documentation on pages 38 and 268 to 274 of the User Guide.


      In LEM, FIM becomes yet another source of data that you can log, analyze, and take action upon.  With correlation rules, the more information sources you have the more accurate and decisive your alerts and other automatic responses can be.
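      The file events listed above (creates, writes, deletes, permission changes) are exactly what a baseline-and-compare integrity check produces. The script below is an added example and is not LEM's code or SolarWinds' connector logic; it snapshots a directory tree (SHA-256, size, permission bits), applies a few constructed changes in a temporary directory, and reports the resulting events. All file names and contents are made up for the illustration.

```python
"""Added example: a minimal file-integrity baseline-and-compare check.

Not LEM code. Shows how create / modify / delete / permission-change
events fall out of diffing two snapshots of a directory tree.
"""
import hashlib
import os
import stat
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class FileState:
    sha256: str
    size: int
    mode: int  # permission bits only (st_mode & 0o777)


def _hash_file(path, chunk=65536):
    """Stream the file through SHA-256 so large files do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Return {relative_path: FileState} for every regular file under root."""
    root = Path(root)
    states = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink():  # hash the target separately, not via the link
                continue
            st = p.stat()
            states[str(p.relative_to(root))] = FileState(
                _hash_file(p), st.st_size, stat.S_IMODE(st.st_mode)
            )
    return states


def compare(baseline, current):
    """Diff two snapshots into (event, relative_path) tuples, sorted by path.

    A file can yield both 'modified' and 'permissions_changed'.
    Reads cannot be detected this way at all; see the note below.
    """
    events = []
    for rel in sorted(set(baseline) | set(current)):
        before, after = baseline.get(rel), current.get(rel)
        if before is None:
            events.append(("created", rel))
        elif after is None:
            events.append(("deleted", rel))
        else:
            if before.sha256 != after.sha256:
                events.append(("modified", rel))
            if before.mode != after.mode:
                events.append(("permissions_changed", rel))
    return events


def demo():
    """Constructed scenario: baseline, then four kinds of change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "app.cfg").write_text("debug=false\n")
        (root / "old.log").write_text("rotated\n")
        # Pin the baseline mode. On Windows, chmod only reflects the
        # read-only flag, so the 0o644 -> 0o444 change below still registers.
        os.chmod(root / "app.cfg", 0o644)
        baseline = snapshot(root)

        # Simulated tampering after the baseline was taken.
        (root / "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 update.example\n")
        (root / "old.log").unlink()
        (root / "evil.dll").write_bytes(b"MZ\x90\x00 constructed sample bytes")
        os.chmod(root / "app.cfg", 0o444)

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for event, path in demo():
        print(f"{event:20s} {path}")
```

      Two caveats a practitioner should keep in mind. First, a hash-based diff only sees the state between two snapshots, so it cannot report reads or attempted access at all, and it misses a write that is reverted before the next snapshot; catching those requires OS-level auditing of file access rather than periodic hashing. Second, the "permissions" compared here are POSIX mode bits; a real Windows deployment would compare the file's DACL, which this example does not model.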


      And a Few More Things


      FIM is the main feature in this RC, but we've done a few other things too:

      • Significant performance improvements for specific types of rules.  Rules that contain either AND/OR subgroups or the various system lookup groups (User Defined Groups, Connector Profiles Groups, Directory Service Groups and/or Time Of Day Sets) may run faster with less RAM and CPU usage.
      • New connectors for LOGbinder EX, Cisco®, VMware® and more.
      • Various bug fixes.


      Questions, Issues, Comments - Send 'em Our Way


      Feel free to use the Log & Event Manager Release Candidate Thwack forum to report any issues, questions, or comments you have about this release. Our product management, development, and QA teams are keeping an eye out for any possible issues.


      If you have a question about whether a case you've filed was resolved in this release or a certain feature request implemented, feel free to ping back on this post or in the RC forum and let me know - I'll be sure to look into it.


      Happy Logging!