Add support for collecting user name on FIM (File Integrity Monitoring) #36934
Comments
@jasoncyp This is something we're currently working on for Linux. We're looking for more information from any users interested in this capability, to ensure we're providing enough coverage across Linux kernels. Would you mind sending this form to any users interested: Elastic Security - Linux Questionnaire
Hi @jamiehynds I'm CK, the CA for OCBC. There's a huge expansion (S$2m) opportunity for my customer, OCBC, and they badly want this feature to be able to ensure file integrity, as they are running a huge enterprise stack and keeping track of who changed what is critical to the success of the expansion.
@ck-elastic Is OCBC interested in both Windows and Linux?
@norrietaylor Thank you for your info. Customer is interested in Linux for now but FIM for Windows will definitely come very soon after they complete the testing on Linux.
Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)
Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)
Describe the enhancement:
The FIM module collects the user name info and visualizes it in the user.name field on both Linux and Windows.
Describe a specific use case for the enhancement or feature:
The user/customer has FIM requirements because they are in the FSI industry. For the compliance requirements, the customer needs to monitor the critical path to understand what has been changed, who made the change, who the file owner is, on which platform, etc.
Our FIM integration can support most of these features except the user name.
This makes the FIM module not quite an out-of-the-box replacement for other existing solutions. This will be our added value to talk about the Elastic platform when it comes to security compliance.