Our experience as of late with customers and PCI has been that they have actually been able to sneak by using Windows File Auditing to pass most of the requirements, so LEM's FIM is certainly a step up from that. Not much changed in PCI 3.0 regarding FIM; I added some PCI 3.0 notes to the bottom of our PCI DSS Requirements and Your SolarWinds Installations post on thwack not long ago that speaks to the notable/relevant changes we saw.
Strictly speaking, we have had customers using LEM's FIM that are bound by PCI, but I don't have details from their audits to know what was discussed.
Presumably if you use something like Linux auditd to track actual changes being made to files, it's similar to Windows file auditing/real-time file change notifications (ref: Re: Support for Linux file auditing?).
Thanks for the response!
I certainly want to do more than sneak by, and from what I can tell, if I am looking at everything correctly, it seems that using LEM for the FIM requirements with the FIM driver in Windows and Auditd in Linux may actually be a pretty good solution for not just PCI but security overall. The benefit of having all of your FIM satisfied by one application (versus using a different application as we are now) has both technical benefits as well as cost benefits. At that point the only thing I think it may not have is the ability to see what specifically changed in a given file; however, I am not sure how much of a requirement that is versus just a "nice to have".
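
As an added illustration of the two points discussed above (auditd as a file-change source, and whether the events show what changed), here is a small parser for auditd records; it is not part of either post and not SolarWinds code. The log lines, the `fim_demo` key, the watched path and the function names are constructed for the example. Each result names the account, program and path involved, and nothing in the records carries the file's before/after content.

```python
import re
from collections import defaultdict

# Constructed sample records in auditd's log format (not taken from the thread).
# A watch rule such as `-w /etc/ssh/sshd_config -p wa -k fim_demo` tags events with the key.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 items=2 ppid=900 pid=1234 auid=1000 uid=0 gid=0 comm="vim" exe="/usr/bin/vim" key="fim_demo"
type=PATH msg=audit(1700000000.101:501): item=0 name="/etc/ssh/" inode=100 nametype=PARENT
type=PATH msg=audit(1700000000.101:501): item=1 name="/etc/ssh/sshd_config" inode=101 nametype=NORMAL
type=SYSCALL msg=audit(1700000050.500:502): arch=c000003e syscall=257 success=no exit=-13 items=1 ppid=901 pid=1300 auid=1001 uid=1001 gid=1001 comm="sed" exe="/usr/bin/sed" key="fim_demo"
type=PATH msg=audit(1700000050.500:502): item=0 name="/etc/ssh/sshd_config" inode=101 nametype=NORMAL
type=SYSCALL msg=audit(1700000060.000:503): arch=c000003e syscall=59 success=yes exit=0 items=0 ppid=1 pid=1400 auid=1000 uid=1000 gid=1000 comm="ls" exe="/usr/bin/ls" key="other"
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by audit serial number; one file access spans several records."""
    events = defaultdict(lambda: {"syscall": {}, "paths": []})
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip anything that is not an audit record
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[int(serial)]
        if rtype == "SYSCALL":
            ev["syscall"] = dict(fields, time=float(ts))
        elif rtype == "PATH" and fields.get("nametype") != "PARENT":
            ev["paths"].append(fields["name"])  # the file itself, not its directory
    return events

def file_changes(text, key):
    """Return (serial, auid, exe, path, succeeded) for events tagged with `key`."""
    out = []
    for serial, ev in sorted(parse_events(text).items()):
        sc = ev["syscall"]
        if sc.get("key") != key:
            continue
        for path in ev["paths"]:
            out.append((serial, sc["auid"], sc["exe"], path, sc["success"] == "yes"))
    return out

if __name__ == "__main__":
    for row in file_changes(SAMPLE_LOG, "fim_demo"):
        print(row)
```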