• State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 22 subscribers
  • Views 310 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

FIM Compliance with Log & Event Manager

byrona

I am curious how the FIM capabilities of LEM meet specific compliance requirements, specifically as it pertains to PCI DSS 3.0?

  • Does the Windows FIM capabilities meet PCI DSS 3.0 requirements?
  • Can you meet PCI FIM requirements on Linux using LEM just by tracking the logs?

I am curious as I would love to consolidate tools and be able to satisfy all of my FIM requirements with LEM if possible.

Thanks in advance for any help on this!

  • FormerMember
    0 FormerMember

    Our experience as of late with customers and PCI has been that they have actually been able to sneak by using Windows File Auditing to pass most of the requirements, so LEM's FIM is certainly a step up from that emoticons_wink.png Not much changed in PCI 3.0 regarding FIM, I added some PCI 3.0 notes to the bottom of our PCI DSS Requirements and Your SolarWinds Installations‌ post on thwack not long ago that speaks to the notable/relevant changes we saw.

    Strictly speaking, we have had customers using LEM's FIM that are bound by PCI, but I don't have details from their audits to know what was discussed.

    Presumably if you use something like Linux auditd to track actual changes being made to files, it's similar to windows file auditing/real-time file change notifications (ref: Re: Support for Linux file auditing?).

  • 0 in reply to FormerMember

    Thanks for the response!

    I certainly want to do more than sneak by and from what I can tell if I am looking at everything correctly; it seems that using LEM for the FIM requirements with the FIM driver in Windows and Auditd in Linux may actually be a pretty good solution for not just PCI but security overall.  The benefit of having all of your FIM satisfied by one application (versus using a different application as we are now) has both technical benefits as well as cost benefits.  At that point the only thing I think it may not have is the ability to see what specifically changed in a given file; however, I am not sure how much of a requirement that is versus just a "nice to have".

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.