PaulDotCom mailing list archives

File integrity monitoring software


From: arch3angel at gmail.com (Robert Miller)
Date: Thu, 18 Mar 2010 16:50:03 -0400

I would recommend OSSEC all the way; a joint effort with your IDS, such 
as Snort, helps greatly.  To reduce the false incidents, I agree with Ron 
100%: you need a means to compare events such as a file change and an 
event on the network.

OSSEC is a great start, though. If you want something inexpensive you can 
look at OSSIM (http://www.alienvault.com/community.php?section=Home). 
While the recent release is better, the overall documentation is not 
the greatest and it does bundle into the OS things that may not be 
needed for your implementation; plan some time for tweaking and testing.

Keep us up to date as to what you guys choose and how it works out for you.

- Robert
(arch3angel)

On 3/12/2010 3:02 PM, Kennith Asher wrote:
Greetings gurus-

The company I work for is being pressed to deploy file integrity 
monitoring tools in our production environment.  I've not worked with 
such tools in the past and am interested in your experiences.

I have concerns around noise levels, false positives, how to control 
file integrity and still keep up with vendor updates (50 hour days 
anyone?).

Anyone have any recommendations?

Thanks,

Ken

