As Splunk is being recognized as a strategic tool, more and more requests are coming in asking if Splunk can be used for one thing or another.
So this time, the query was: "Can Splunk be used as / replace a File Integrity Monitoring (FIM) tool?"
So the idea is, since the Splunk UF is installed on the majority of hosts/clients, rather than indexing the whole file, the UF needs to send information on whether the file has been modified or not (e.g. if the cksum has changed). Personally, I was thinking of writing it as an "app" which should cater for Windows/Linux etc. But I was checking whether you guys have done anything similar to replace professional FIM tools?
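The idea in the post (hash the watched files and have the UF send an event only when a checksum changes) can be prototyped as a scripted input. The following is an added example, not the poster's app and not code shipped by Splunk. It assumes a JSON baseline file kept next to the script, SHA-256 as the checksum, JSON-lines on stdout as the event format, and the constructed `demo()` directory as sample input; the watched paths, field names and state-file location are all assumptions, not anything from the post.

```python
#!/usr/bin/env python3
"""Checksum-diff scripted input: emit one JSON event per added/modified/removed file.

Added example (not the original poster's app, not Splunk-provided code). Assumptions:
baseline state is a JSON file beside the script, SHA-256 is the checksum, and events
are JSON lines on stdout so a Splunk scripted input can index them.
"""
import hashlib
import json
import os
import sys
import tempfile
import time

CHUNK = 1 << 20  # hash in 1 MiB chunks so large files are never read into memory at once


def hash_file(path):
    """Return the SHA-256 hex digest of a file, or None if it cannot be read."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(CHUNK), b""):
                h.update(chunk)
    except OSError:
        return None
    return h.hexdigest()


def scan(paths):
    """Walk the watched paths; record size, mtime and checksum for every regular file."""
    state = {}
    for root_path in paths:
        files = [root_path] if os.path.isfile(root_path) else [
            os.path.join(d, n) for d, _subdirs, names in os.walk(root_path) for n in names]
        for path in files:
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files (sockets, devices)
            try:
                st = os.stat(path)
            except OSError:
                continue
            digest = hash_file(path)
            if digest is not None:  # files that vanished mid-scan are simply skipped
                state[path] = {"sha256": digest, "size": st.st_size, "mtime": st.st_mtime}
    return state


def diff_state(old, new):
    """Compare two scans and return only the differences; unchanged files produce no event."""
    events = []
    for path, meta in new.items():
        if path not in old:
            events.append({"action": "added", "path": path, "sha256": meta["sha256"]})
        elif old[path]["sha256"] != meta["sha256"]:
            events.append({"action": "modified", "path": path,
                           "old_sha256": old[path]["sha256"], "sha256": meta["sha256"]})
    for path in old:
        if path not in new:
            events.append({"action": "removed", "path": path, "old_sha256": old[path]["sha256"]})
    return events


def load_state(state_file):
    try:
        with open(state_file) as f:
            return json.load(f)
    except (OSError, ValueError):
        return None  # first run, or an unreadable/corrupt baseline


def save_state(state_file, state):
    tmp = state_file + ".tmp"
    with open(tmp, "w") as f:
        json.dump(state, f)
    os.replace(tmp, state_file)  # atomic rename: a crash never leaves a half-written baseline


def run(paths, state_file):
    """One scripted-input invocation: rescan, diff against the baseline, persist, return events."""
    old = load_state(state_file)
    new = scan(paths)
    events = diff_state({} if old is None else old, new)  # first run reports everything as 'added'
    save_state(state_file, new)
    return events


def demo():
    """Constructed sample run in a temp dir (not real host data): baseline, no change, then tampering."""
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "etc")
        os.makedirs(cfg)
        with open(os.path.join(cfg, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(os.path.join(cfg, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        state = os.path.join(d, "fim_state.json")
        first = run([cfg], state)   # baseline: both files reported as added
        second = run([cfg], state)  # nothing changed: no events at all
        with open(os.path.join(cfg, "passwd"), "a") as f:
            f.write("eve:x:0:0::/home/eve:/bin/bash\n")  # simulated tampering: a second UID-0 user
        os.remove(os.path.join(cfg, "hosts"))
        third = run([cfg], state)   # one modified, one removed
        return first, second, third


if __name__ == "__main__":
    # Usage as a scripted input: fim_hash.py /etc /usr/local/bin (paths are assumptions)
    state_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "fim_state.json")
    for ev in run(sys.argv[1:] or ["/etc"], state_path):
        ev["time"] = time.time()
        print(json.dumps(ev))
```

Two caveats a practitioner would want before calling this a FIM replacement. The script always hashes rather than short-cutting on unchanged size/mtime, because an attacker can reset an mtime with `touch -r`; that makes each interval cost a full read of the watched tree, which is why the interval and the watched set must be chosen deliberately. And the baseline lives on the same host as the files it protects, so anyone with root can edit both the file and `fim_state.json` (or the script itself); comparing against a baseline held on the indexer rather than trusting local state is one way to close that gap, and it is the kind of thing commercial FIM products handle for you.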