2 Replies Latest reply on Apr 30, 2015 2:41 PM by byrona

    FIM Compliance with Log & Event Manager

    byrona

      I am curious how the FIM capabilities of LEM meet specific compliance requirements, specifically as it pertains to PCI DSS 3.0?

       

      • Do the Windows FIM capabilities meet PCI DSS 3.0 requirements?
      • Can you meet PCI FIM requirements on Linux using LEM just by tracking the logs?

       

      I am curious as I would love to consolidate tools and be able to satisfy all of my FIM requirements with LEM if possible.

       

      Thanks in advance for any help on this!

        • Re: FIM Compliance with Log & Event Manager
          nicole pauls

          Our experience as of late with customers and PCI has been that they have actually been able to sneak by using Windows File Auditing to pass most of the requirements, so LEM's FIM is certainly a step up from that. Not much changed in PCI 3.0 regarding FIM; I added some PCI 3.0 notes to the bottom of our PCI DSS Requirements and Your SolarWinds Installations post on thwack not long ago that speak to the notable/relevant changes we saw.

           

          Strictly speaking, we have had customers using LEM's FIM that are bound by PCI, but I don't have details from their audits to know what was discussed.

           

          Presumably if you use something like Linux auditd to track actual changes being made to files, it's similar to Windows file auditing/real-time file change notifications (ref: Re: Support for Linux file auditing?).

            • Re: FIM Compliance with Log & Event Manager
              byrona

              Thanks for the response!

               

              I certainly want to do more than sneak by, and from what I can tell, if I am looking at everything correctly, it seems that using LEM for the FIM requirements with the FIM driver in Windows and auditd in Linux may actually be a pretty good solution for not just PCI but security overall. The benefit of having all of your FIM satisfied by one application (versus using a different application as we are now) has both technical benefits as well as cost benefits. At that point the only thing I think it may not have is the ability to see what specifically changed in a given file; however, I am not sure how much of a requirement that is versus just a "nice to have".
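
The log-only Linux tracking discussed in this thread, as an added example that is not part of any post and is not SolarWinds code: it groups auditd records by event ID and reports who touched which watched file. The sample records, the `fim-config` rule key, the paths and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records, shaped like what a watch rule such as
#   auditctl -w /etc/app -p wa -k fim-config
# produces. Every value below is made up for illustration.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1430404860.123:4521): arch=c000003e syscall=2 success=yes exit=3 items=2 pid=2150 auid=1001 uid=0 comm="vim" exe="/usr/bin/vim" key="fim-config"
type=CWD msg=audit(1430404860.123:4521): cwd="/etc/app"
type=PATH msg=audit(1430404860.123:4521): item=0 name="/etc/app/" inode=131 mode=040755 nametype=PARENT
type=PATH msg=audit(1430404860.123:4521): item=1 name="/etc/app/payment.conf" inode=140 mode=0100644 nametype=NORMAL
type=SYSCALL msg=audit(1430404921.500:4530): arch=c000003e syscall=90 success=no exit=-1 items=1 pid=2201 auid=1002 uid=1002 comm="chmod" exe="/usr/bin/chmod" key="fim-config"
type=PATH msg=audit(1430404921.500:4530): item=0 name="/etc/app/payment.conf" inode=140 mode=0100644 nametype=NORMAL
type=SYSCALL msg=audit(1430404950.010:4533): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=2210 auid=1001 uid=1001 comm="cat" exe="/usr/bin/cat" key="other-rule"
type=PATH msg=audit(1430404950.010:4533): item=0 name="/home/a/notes.txt" inode=900 mode=0100644 nametype=NORMAL
"""

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def file_change_events(log_text, key):
    """Group records by audit event ID; return events tagged with `key`."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip lines that are not audit records
        rtype, epoch, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[(epoch, serial)]
        if rtype == "SYSCALL":
            when = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
            ev.update(time=when.isoformat(), auid=fields.get("auid"),
                      exe=fields.get("exe"), key=fields.get("key"),
                      success=fields.get("success") == "yes")
        elif rtype == "PATH" and fields.get("nametype") != "PARENT":
            ev["paths"].append(fields.get("name"))  # the object acted on
    # Records say who, when, with what program and whether it succeeded;
    # they do not contain the file's old or new content.
    return [e for e in events.values() if e.get("key") == key and e["paths"]]

if __name__ == "__main__":
    for e in file_change_events(SAMPLE_LOG, "fim-config"):
        print(e["time"], "auid=" + e["auid"], e["exe"], e["paths"], e["success"])
```

Each reported event carries the login UID, program, path and outcome, so failed attempts against a watched file are visible alongside successful changes.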