Monitoring Unauthorised, Unexpected, or Suspicious Changes
Product Type: Software
Vendor: Trend Micro™
- On-demand or scheduled detection: Integrity scans can be scheduled or performed on-demand.
- Extensive file property checking: Files and directories can be monitored for changes to contents, attributes (such as owners, permissions, and size), and time-and-date stamp using out-of-the-box integrity rules. Additions, modifications, or deletions of Windows registry keys and values, access control lists, and log files can also be monitored and alerted on. This capability is applicable to the PCI DSS 10.5.5 requirement.
- Auditable reporting: The Integrity Monitoring module can display integrity events within the Deep Security Manager dashboard, generate alerts, and provide auditable reports. It can also forward events to a security information and event management (SIEM) system via Syslog.
- Security profile groupings: Integrity monitoring rules can be configured for groups or individual servers to simplify deployment and management of monitoring rulesets.
- Baseline setting: Baseline security profiles can be established and then compared against the current state to detect changes, initiate alerts, and determine appropriate actions.
- Flexible, practical monitoring: The Integrity Monitoring module offers flexibility and control to optimize the monitoring activities for your unique environment. This includes the ability to include/exclude files or wildcard filenames and include/exclude subdirectories in scan parameters. It also gives the flexibility to create custom rules for unique requirements.
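
The baseline-and-compare model from the list above, with include/exclude wildcards and per-property change reporting, shown as an added Python example. It is not Trend Micro code and not the Deep Security rule format. The function names, the set of recorded properties, and the wildcard semantics are assumptions made for illustration.

```python
import fnmatch, hashlib, os, stat, tempfile

def snapshot(root, include=("*",), exclude=()):
    """Record hash and attributes of selected regular files (fnmatch '*' also spans '/')."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            st = os.lstat(path)
            wanted = stat.S_ISREG(st.st_mode) and any(fnmatch.fnmatch(rel, p) for p in include)
            if not wanted or any(fnmatch.fnmatch(rel, p) for p in exclude):
                continue  # not a regular file, not included, or explicitly excluded
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[rel] = {"sha256": digest, "size": st.st_size, "mtime": st.st_mtime_ns,
                          "mode": stat.S_IMODE(st.st_mode), "owner": (st.st_uid, st.st_gid)}
    return state

def compare(baseline, current):
    """Return (path, event, changed_properties) for every difference from the baseline."""
    events = []
    for rel in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(rel), current.get(rel)
        if old is None or new is None:
            events.append((rel, "created" if old is None else "deleted", []))
        elif changed := sorted(k for k in old if old[k] != new[k]):
            events.append((rel, "modified", changed))
    return events

def demo():
    """Constructed sample tree: baseline it, change it, and report the differences."""
    t0 = 1_700_000_000 * 10**9  # fixed timestamp (ns) so mtime changes are deterministic
    def put(root, rel, data, when=t0):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, ns=(when, when))
    with tempfile.TemporaryDirectory() as root:
        for rel in ("etc/app.conf", "etc/old.conf", "bin/tool", "logs/app.log"):
            put(root, rel, b"debug=false\n")
        baseline = snapshot(root, exclude=("logs/*",))
        put(root, "etc/app.conf", b"debug=true\n", when=t0 + 60 * 10**9)  # content edit
        os.chmod(os.path.join(root, "bin/tool"), 0o755)                    # permission change
        put(root, "bin/new", b"x")                                         # unexpected new file
        put(root, "logs/app.log", b"noise\n", when=t0 + 60 * 10**9)        # excluded: no event
        os.remove(os.path.join(root, "etc/old.conf"))                      # deletion
        return compare(baseline, snapshot(root, exclude=("logs/*",)))
```

Calling `demo()` returns one event per created, modified, or deleted file, and the excluded `logs/` tree produces none. In practice the baseline would be stored where the monitored host cannot rewrite it.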