Can Splunk do File Integrity Monitoring on its own...

worm929 · ‎10-30-2017

I'm not being able to find consice information, since every post just links to this DEPRECATED feature: docs.splunk.com/Documentation/Splunk/6.0/Data/Monitorchangestoyourfilesystem

I want to be able to log (and then alert) if a change is noticed in a file (usually implemented via scheduled hash checks, but it doesn't matter). Is that possible, or not any more and I would need to pay for other services for that feature?

The other doc that gets usually linked is this: docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesystemchangesonWindows
but the instructions make it seem like I can't use a Universal Forwarder and I must have another full fledged installation of splunk enterprise?
also the instructions have a crucial step where they link to a Microsoft Doc, but that link is completely dead, so it's missing instructions.

Can someone please clarify all this mess for me? I would really appreciate it.

wongdsc · ‎05-29-2018

Hi, seems there's another way located at http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/MonitorfilesystemchangesonWindows
to address the deprecated feature.
Cheers, Desmond.

wongdsc · ‎05-29-2018

Hi,
I did a quick find, and noticed version 7.1.0 provides a way .. and you may have a look at https://docs.splunk.com/Documentation/Splunk/7.1.0/Data/MonitorfilesystemchangesonWindows
Hope this helps.
Cheers, Desmond.

Can Splunk do File Integrity Monitoring on its own in 2017?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes