RSA Admin

PCI File-Integrity Monitoring of Log Data

Discussion created by RSA Admin Employee on Oct 8, 2009
Latest reply on Oct 14, 2009 by RSA Admin

I'm asking the community since RSA Support wasn't very helpful with this issue. To satisfy PCI Requirement 10.5.5, you need to be alerted if someone attempts to modify log data on the enVision appliance. RSA says they have a solution and it's being marketed on the RSA website as the following:

 

"RSA enVision is capable of creating alerts which ensure supervisors and others are aware if any changes to the logs take place."

 

However, support seemed unware of this "Marketing" feature and just pointed me to the Windows Device guide to enable File/Folder auditing. This is not very straightforward since the enVision is a Domain Controller and you have to modify the Default Domain Controller Security policy to enable this option. There aren't very specific steps to configure this for the enVision server itself.

 

Has anyone been able to get this function to work? Thanks.

Outcomes