STDI (Query Technology File Watcher)

STDI (Query Technology File Monitor) is a tool for monitoring files and folders on Linux servers, which you can use to support your company's security policy. STDI is built on the Linux kernel's "audit" subsystem and the "linux-audit" user-space tooling.

With this tool you can manage multiple servers from a single management screen and define a different rule set for each server. Agents running on the servers interpret the kernel messages produced when your rule sets are triggered and forward them immediately to a syslog or SIEM tool. This product detects file modification only; it does not track changes to file content, so it is recommended to use a different product to control changes in file content.

Each alert mainly contains:

The file that was changed

The date and time the alert occurred

The user who modified the file

The real (login) user, when the identity was changed with commands such as su or sudo

Whether the file is writable by anyone (world-writable)

The command that was used to modify the file

Product highlights:

Management interface running on Docker infrastructure

Management of multiple servers and their rules from a single screen

Creation of custom rule sets covering multiple files and/or folders

File, folder and command exception rules for each rule set

Buffering of alerts in a temporary store, with automatic resending, if an error occurs while sending them

Automatic disabling of a rule set, to protect the system, when more than a configured number of alerts are generated within a time window

Alert output in different formats (RFC 3164, RFC 5424, CEF)

Viewing of errors reported by the clients in the interface
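As an added illustration of two points above, the fields an alert carries and the RFC 5424 / CEF output formats, here is example Python that turns one auditd file-watch event into those fields and renders it as a CEF line and an RFC 5424 syslog line. This is not STDI's own code: the audit records are constructed, the hostname, application name, CEF vendor/product/version strings and the field mapping are assumptions, and the enterprise number 32473 in the structured-data element is the one reserved for documentation examples.

```python
"""Turn a Linux audit (auditd) file-watch event into the alert fields listed
above and render it as CEF and RFC 5424 syslog lines.

Added example, not STDI's own code. The audit records, the host and app names,
and the CEF vendor/product/version strings are constructed assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: one auditd event (five records sharing serial 456), as
# audit.log would show it for a "-w /etc/passwd -p wa -k passwd_watch" rule.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1604361600.123:456): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd0c1c2a30 a2=80241 a3=1b6 items=2 ppid=1234 pid=1250 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim" key="passwd_watch"
type=CWD msg=audit(1604361600.123:456): cwd="/root"
type=PATH msg=audit(1604361600.123:456): item=0 name="/etc/" inode=131073 dev=08:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1604361600.123:456): item=1 name="/etc/passwd" inode=131100 dev=08:01 mode=0100666 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=PROCTITLE msg=audit(1604361600.123:456): proctitle=76696D002F6574632F706173737764
"""

RECORD_RE = re.compile(r"^type=(?P<type>\w+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$")
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_record(line):
    """Split one audit.log line into its type, timestamp, serial and key=value fields."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("body"))}
    return {"type": m.group("type"), "ts": m.group("ts"), "serial": int(m.group("serial")), "fields": fields}


def group_events(text):
    """Group records by audit serial number; every group is one kernel event."""
    events = defaultdict(list)
    for line in text.splitlines():
        rec = parse_record(line)
        if rec:
            events[rec["serial"]].append(rec)
    return events


def build_alert(records):
    """Reduce one event's records to the fields a file-change alert needs."""
    syscall = next(r for r in records if r["type"] == "SYSCALL")
    paths = [r for r in records if r["type"] == "PATH"]
    if not paths:
        raise ValueError("event carries no PATH record")
    # The watched object is the non-PARENT path entry (NORMAL, CREATE or DELETE).
    target = next((p for p in paths if p["fields"].get("nametype") != "PARENT"), paths[-1])
    proctitle = next((r for r in records if r["type"] == "PROCTITLE"), None)
    if proctitle:
        # proctitle is hex-encoded argv with NUL separators; render it as a command line.
        command = bytes.fromhex(proctitle["fields"]["proctitle"]).decode("utf-8", "replace").replace("\x00", " ")
    else:
        command = syscall["fields"].get("comm", "")
    mode = int(target["fields"]["mode"], 8)
    secs, millis = syscall["ts"].split(".")
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S") + f".{millis}Z"
    return {
        "file": target["fields"]["name"],
        "time": when,
        "uid": syscall["fields"]["uid"],          # user who modified the file
        "auid": syscall["fields"]["auid"],        # real (login) user behind su/sudo
        "world_writable": bool(mode & 0o002),     # does the file allow anyone to write?
        "command": command,
        "rule_key": syscall["fields"].get("key", ""),
    }


def cef_escape(value, header=False):
    """CEF escaping: backslash and '|' in the header, backslash and '=' in extensions."""
    value = str(value).replace("\\", "\\\\")
    return value.replace("|", "\\|") if header else value.replace("=", "\\=")


def to_cef(alert, vendor="Query Technology", product="STDI", version="0.0"):
    """Render the alert as a CEF:0 line; vendor/product/version are placeholders."""
    header = "|".join(cef_escape(v, header=True) for v in
                      (vendor, product, version, "file_modified", "Watched file modified", 5))
    ext = " ".join(f"{k}={cef_escape(v)}" for k, v in (
        ("fname", alert["file"]), ("rt", alert["time"]), ("duid", alert["uid"]),
        ("suser", alert["auid"]), ("cs1", alert["command"]), ("cs1Label", "command"),
        ("cn1", int(alert["world_writable"])), ("cn1Label", "worldWritable"), ("cat", alert["rule_key"])))
    return f"CEF:0|{header}|{ext}"


def sd_escape(value):
    """RFC 5424 PARAM-VALUE escaping: backslash, double quote and ']' are escaped."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_rfc5424(alert, hostname="stdi-agent", app="stdi"):
    """Render the alert as an RFC 5424 message. PRI 108 = facility 13 (log audit) * 8
    + severity 4 (warning); enterprise number 32473 is reserved for documentation."""
    params = " ".join(f'{k}="{sd_escape(v)}"' for k, v in alert.items())
    return f"<108>1 {alert['time']} {hostname} {app} - file_modified [stdi@32473 {params}] {alert['command']}"


if __name__ == "__main__":
    for serial, records in group_events(SAMPLE_AUDIT_LOG).items():
        alert = build_alert(records)
        print(to_cef(alert))
        print(to_rfc5424(alert))
```

The event is keyed on the audit serial number because auditd writes one kernel event as several lines (SYSCALL, CWD, PATH, PROCTITLE) that only the serial ties together; the real user behind su or sudo is the `auid` (login UID), which the kernel preserves across identity changes, and world-writability is read from the PATH record's `mode` rather than stat'ed afterwards, since the file may already have changed again.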


03/11/2020