How did you implement PCI-DSS file integrity requirement?

Franckiboy · November 30, 2020, 10:05pm

I currently run an OpenDistro 1.11.0 stack.
I need to fulfill the PCI-DSS requiment :
11.5 “Use file-integrity monitoring or change detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert)”

What is the best way to implement? How can we use alerts and audit to monitor that no log are “Modified” ?

Anthony · February 18, 2021, 2:34pm

@Franckiboy You can mark any index as immutable, so you can write to it, but can’t update/delete, this includes the security index itself. Using below line in elasticsearch.yml:

opendistro_security.compliance.immutable_indices:

security*

Hope this helps

Topic		Replies	Views
Audit - tracking users working deleting index Security	5	697	April 21, 2020
Change security-auditlog-* index replicas Security	7	2365	February 23, 2021
Immutable indices Security	2	604	September 30, 2022
1.13 upgrade possible breaking changes? Index Management	2	616	March 1, 2021
How does ElasticSearch opendistro ISM work? Index Management discuss , configure	3	351	April 24, 2022

How did you implement PCI-DSS file integrity requirement?

Related Topics