[Meta]File Integrity Monitoring | User Information #3310
Labels
enhancement
New feature or request
Integration:fim
File Integrity Monitoring
Team:Security-Linux Platform
Linux Platform Security team [elastic/sec-linux-platform]
Comments
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
jamiehynds
added
enhancement
|
split between 3 OS's |
narph
changed the title
narph
added
Team:Security-Linux Platform
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Similar to Auditbeat's FIM module, our new FIM integration can monitor for file changes, but does not include the user information to capture who modified/accessed the file. This is a significant visibility gap for security analysts and a heavily requested enhancement request.
Research needs to be done to determine how we can capture user information within our FIM integration and any underlying changes required. Can the OS components we rely on today be leveraged or is an underlying change to how we gather FIM data needed?
Linux - #7401
Windows - #8312
MacOS -
The text was updated successfully, but these errors were encountered: