Alert Logic® Managed Detection & Response Professional and Enterprise customers have access to a new file integrity monitoring dashboard and capabilities, as well as two new PCI DSS compliance reports, in the Alert Logic console.
File integrity monitoring (FIM) is a security control that detects potentially unauthorized change events to your operating system and application files. Alert Logic FIM capabilities support PCI DSS requirements 10.5.5 and 11.5 and provide additional context as you investigate potential attacks or compromised assets.
Utilizing File Integrity Monitoring
FIM management and capabilities are available within the Alert Logic console at Configure > Deployments > the deployment whose FIM configurations you want to manage > File Integrity Monitoring.
Within File Integrity Monitoring > Monitoring, you can configure file monitoring for specific paths of an asset or group of assets from default files and directories available for that deployment. Click the yellow Add icon (), fill out the required fields, and click Save.
You can also turn monitoring for assets on or off via the Monitor toggle, view asset details by clicking View, and filter the asset list by file type via the All File Types drop-down menu.
Within File Integrity Monitoring > Exclusions, you can exclude file monitoring for specific paths of an asset or a group of assets. To set an exclusion, select the yellow Add icon, fill out the required fields, and click Save.
When setting an exclusion, you can add your own base file path, which will recursively monitor anything created, modified, or deleted in that directory path. Alert Logic also supports the ability to be specific - down to the exact file or file type - of what you are excluding. The Add or Remove Assets section you see while setting up your exclusion offers more customization options for a specific host or group of hosts within the deployment. If you utilize this option, it will not apply to the entire deployment; it will only apply to the assets you have chosen.
As with Monitoring above, you can also view asset details by clicking View and filter the asset list by file type via the All File Types drop-down menu.
Scheduled FIM Search
You can schedule file integrity monitoring searches and configure notifications, which can be sent to you and other recipients when the search results are available. Within the Alert Logic console, navigate to Manage > Notifications > Schedules > Add icon () > Schedule a FIM Search. Here, you'll provide details on the search name and schedule, subscribe yourself and others to receive notifications of the search results, and decide on notification delivery options.
Note: The Receive a notification even if the scheduled search yields no results notification delivery option will still send you notifications if your search has no results, which proves - for PCI compliance purposes - that Alert Logic is logging everything in your environment, even if that means there was nothing to report.
More details around this feature can be found at our File Integrity Monitoring Search Notification documentation.
File Integrity Monitoring Dashboard
A new File Integrity Monitoring dashboard is available to you within the Alert Logic console at Dashboards > File Integrity Monitoring. This dashboard provides at-a-glance access to FIM-related data within your environment and based on the systems and application files you have set to be monitored by FIM. The File Integrity Monitoring dashboard includes data snapshots such as File Path Monitoring Status, FIM Event Action Trends, and Top File Paths.
More details around this dashboard can be found at our File Integrity Monitoring Dashboard documentation.
PCI DSS 10.5.5 and 11.5 Reports
Two new PCI DSS reports, for mandates 10.5.5 and 11.5, are available in the Alert Logic console at Validate > Reports > Compliance > PCI DSS Audit. These reports demonstrate your progress toward the compliance mandates and help you understand where you need to focus more attention.
PCI Requirement 10.5.5
The PCI Requirement 10.5.5 report describes how to use and access file integrity monitoring features in the Alert Logic console that help demonstrate compliance with Requirement 10.5.5. The report offers testing procedures and available documentation and artifacts for any customer account and pulls data from the last 30, 90, or 365 days.
PCI Requirement 11.5
The PCI Requirement 11.5 report describes how to use and access file integrity monitoring features in the Alert Logic console that help demonstrate compliance with Requirement 11.5. The report offers testing procedures and available documentation and artifacts for any customer account and pulls data from the last 30, 90, or 365 days.
For additional information on file integrity monitoring, see our File Integrity Monitoring documentation.