Options for PCI-DSS on AWS - file integrity monitoring and intrusion detection
Posted
by
Brill Pappin
on Server Fault
See other posts from Server Fault
or by Brill Pappin
Published on 2012-04-10T14:36:30Z
Indexed on
2013/11/01
9:59 UTC
Read the original article
Hit count: 295
I need to deploy some file integrity monitoring and intrusion detections software on AWS instances.
I really wanted to use OSSEC, however it does not work well in an environment where servers can auto deploy and shut down based on load, because it requires server managed keys to be generated. Including the agent in the AMI will not allow monitoring as soon as it comes up because of that.
There are many options out there, and several are listed in other posts on this site, however none that I've seen so far deal with the unique problems inherent in AWS or cloud based deployments in general.
Can anyone point me at some products, preferably open source, that we might use to cover those portions of PCI DSS that require this software?
Has anyone else achieved this on AWS?
© Server Fault or respective owner