How to use TrueSight Server Automation for Payment Card Industry File Integrity Monitoring
The following topics describe how to use the TrueSight Server Automation product for Payment Card Industry (PCI) File Integrity Monitoring (FIM). The process uses the TrueSight Server Automation compliance, discovery, snapshot, and change tracking features, along with the reporting features in the BMC Decision Support for Server Automation or TrueSight Smart Reporting for Server Automation solution to achieve and support an organization's PCI FIM goals.
The process starts with standard PCI FIM templates, which you can configure to satisfy the specific needs of your organization. The templates define the rules for discovering the servers to monitor and the files and directories to track for changes. You then build a set of Discover and Snapshot Jobs and bundle them into a Batch Job, scheduling the pair of jobs for automatic, recurring execution. You can examine the results of the jobs in the TrueSight Server Automation Console, to ensure that the data you are tracking is valid, relevant, and appropriate to your specific change tracking and FIM needs. The Snapshot Job compares the results of the last job run to the current one and highlights the differences.
A regularly-scheduled extract, transform, and load (ETL) job sends the change tracking data to the reporting data warehouse. You can examine and validate the results in out-of-the box change tracking reports and dashboards that are available directly from the Console. You can also customize change tracking reports as necessary to meet your organization's specific needs.
This following topics are specific to TrueSight Server Automation version 8.0, however they also apply, with minor differences, to later versions.
- PCI FIM Process
- Prerequisites for PCI FIM
- Recommendations for avoiding invalid components
- Creating the PCI FIM Server Smart Group
- Creating PCI FIM component templates
- Creating a Component Discover Job for FIM compliance
- Creating a Snapshot Job for FIM compliance
- Creating a Batch Job for FIM compliance
- Running PCI FIM Jobs and monitoring Job progress
- Viewing Change-Tracking Results for FIM compliance in the Console
- Maintaining the PCI FIM Discover and Snapshot Jobs
- Viewing Change Tracking Reports for FIM compliance
- Following Up on Change Tracking Results