File Integrity Monitoring

Question

Hi All, 
 
 We have rolled out file integrity monitoring. My question is can someone share with me how they are reviewing these events daily? We have a central log monitor, but since Sophos does not write any detail to the event's general message, only in the detail, it is of no use to us. My only option at this time is to manually review each server's event log daily which is not practical. There are no events in Sophos Central other than to indicate monitoring status. So really, at this point, it is only a tool we can use when researching an event that was detected by other means and not something we can use for proactive monitoring. Thanks.

Badrobot · Answer

If you have monitoring/alerts setup for your Windows Event logs you can enable Sophos to add events to the Windows event logs that way. Not ideal but I thought it would be worth mentioning. You can also access the data via third party software options as well. 
 
 See FAQ here: 
 https://community.sophos.com/kb/en-us/132846

DianneY · Answer

Hello Lisa Busby 
 Sophos File Integrity Monitoring assists customers who need to meet PCI:DSS compliance for the most part. 
 Do check out the information below which some may find useful: 
 Sophos File Integrity Monitoring Frequently Asked Questions (FAQs)