PaulDotCom mailing list archives
File integrity monitoring software
From: rd at rd1.net (Ralph Durkee)
Date: Sat, 13 Mar 2010 18:58:58 -0500
TripWire and Aide are the classic answers, but I would recommend OSSEC http://ossec.net While consulting with a large organization that was deploying a commercial FIM product managed by a major vendor, the security group was given the list of files to monitored and ask for their approval. The list was the default for the commercial product and was missing some obvious directories and registries for the windows platform. When I was asked for an opinion, I went out and got the default list from OSSEC download. Since it was much more complete, we reviewed that list with the group, and it became their standard for the FIM. -- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN Principal Security Consultant Kennith Asher wrote:
Greetings gurus- The company I work for is being pressed to deploy file integrity monitoring tools in our production environment. I've not worked with such tools in the past and am interested in your experiences. I have concerns around noise levels, false positives, how to control file integrity and still keep up with vendor updates (50 hour days anyone?). Anyone have any recommendations? Thanks, Ken ------------------------------------------------------------------------ _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100313/d69be8fa/attachment.htm
Current thread:
- File integrity monitoring software Kennith Asher (Mar 12)
- File integrity monitoring software Ralph Durkee (Mar 13)
- File integrity monitoring software Brett (Mar 13)
- File integrity monitoring software Ron Gula (Mar 16)
- File integrity monitoring software Robert Miller (Mar 18)
- File integrity monitoring software Michael McGrew (Mar 22)
- <Possible follow-ups>
- File integrity monitoring software Robert Wahl (Mar 14)
- File integrity monitoring software Ralph Durkee (Mar 13)