On Tue, Nov 20, 2012 at 9:59 AM, stones2125 <[email protected]> wrote: > So how is OSSEC PCI compliant since the requirement is to identify the user > who made a change. >
I didn't think products/projects were PCI compliant, I thought your processes and systems would have to be PCI compliant. You can identify who changed the files, if your OS supports auditing that information. You could probably write a rule to alert you when a change is made and by whom when that information is logged. > On Tuesday, November 20, 2012 9:51:50 AM UTC-5, stones2125 wrote: >> >> I am new to OSSEC and have been trying to figure out how to do the >> following...if possible. >> >> - When a file changes on a Windows server, how do I see the username of >> the person who changed it. >> - How do I see the actual changes (lines of text) >> >> I get the alert that shows the file checksum changed, but need more info.
