Results 1 to 3 of 3

Thread: Looking for a PCI Compliance application (10.5.5)

  1. #1
    Junior Member
    Join Date
    Aug 2007
    Posts
    40

    Default Looking for a PCI Compliance application (10.5.5)

    As the title suggests, I'm looking for an application to assist with PCI Compliance requirement 10.5.5.

    10.5.5 - Use file-integrity monitoring and change detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).

    To be more specific, I'm looking for something that can handle database log files for Oracle, Sybase, and MS SQL. During my searches I came across Splunk for PCI Compliance (Splunk), but I wanted to see if anyone here was familiar with some type of open source solution they might recommend. In a pinch I could write something myself, but I would prefer to implement an open source solution if a suitable one is available.

    Thanks in advance for any suggestions.

  2. #2
    _jond
    Guest

    Default

    I just found out at work that I have to comply with PCI.
    I think I'm going with TripWire. They've been around forever and I can't see an auditor turning their nose up to it. I've just started to play with it, but it seems to be impressive.

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Quote Originally Posted by _jond View Post
    I just found out at work that I have to comply with PCI.
    I think I'm going with TripWire. They've been around forever and I can't see an auditor turning their nose up to it. I've just started to play with it, but it seems to be impressive.
    Tripwire is what I use. Its a bitch to get going right but once it6s set up its really nice.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •