PCI FIM Process


To set up an automated change tracking process for PCI FIM using TrueSight Server Automation, you define the set of PCI FIM servers in a server smart group, define the objects to monitor in component templates, and then set up automated recurring jobs that discover specific objects to monitor, take snapshots of those objects, and make comparisons to identify changes.
When those setup features are running smoothly, you have a recurring process that consists of monitoring job runs and examining reports to find unexpected changes on your systems.
The next figure shows how the TrueSight Server Automation components work together to capture unexpected changes.

Component Template
Contains rules describing what to monitor. Rules are typically parameterized with properties.

  • Discover rules define characteristics of servers for which the template is intended.
  • Parts define objects on the servers to monitor. You can define exclusions on objects that are expected to change, such as all log files.

Examples

  • Discover rules:

  • Parts descriptions:

Discover Job
Uses the component template to find objects to monitor.

  • Discover rules identify servers.
  • Parts descriptions identify objects on the servers.

Example

Snapshot Job
Captures state information for each discovered object and gathers the delta between the last snapshot on file and the current state.

  • Change Tracking tab lists a summary of changes.
  • Snapshot tab shows details.
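
The snapshot-and-compare idea described above, as an added illustration that is not TrueSight Server Automation code. It assumes state is a SHA-256 of file contents only, and the `*.log` exclusion and the sample paths are constructed for the demo.

```python
import fnmatch
import hashlib
import os
import tempfile

EXCLUDES = ["*.log"]  # assumption: objects expected to change, such as all log files

def snapshot(root, excludes=EXCLUDES):
    """Return {relative_path: sha256} for every monitored file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if any(fnmatch.fnmatch(rel, pat) for pat in excludes):
                continue  # excluded objects never enter the snapshot
            with open(os.path.join(root, rel), "rb") as fh:
                state[rel] = hashlib.sha256(fh.read()).hexdigest()
    return state

def delta(previous, current):
    """Compare the last snapshot on file with the current state."""
    return {
        "added": sorted(set(current) - set(previous)),
        "removed": sorted(set(previous) - set(current)),
        "modified": sorted(p for p in previous.keys() & current.keys()
                           if previous[p] != current[p]),
    }

def demo():
    """Constructed sample tree: baseline snapshot, four changes, second snapshot."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(data)
        write("etc/sshd_config", "PermitRootLogin no\n")
        write("etc/hosts", "127.0.0.1 localhost\n")
        write("var/app.log", "started\n")
        baseline = snapshot(root)
        write("etc/sshd_config", "PermitRootLogin yes\n")      # unexpected change
        write("var/app.log", "started\nrequest served\n")      # expected, excluded
        write("etc/cron.d/job", "* * * * * root /bin/true\n")  # new object
        os.remove(os.path.join(root, "etc/hosts"))             # deleted object
        return delta(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The log file changes between the two snapshots but never appears in the delta, which is the effect an exclusion has on the change summary.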

Examples

  • Change Tracking tab

  • Snapshot tab

Change Tracking Report

 
