The Threat Stack agent uses fanotify to collect additional information about Linux File Integrity Monitoring (FIM) events. Red Hat has chosen not to backport fanotify to Red Hat Enterprise Linux (RHEL) 6. As a result, events generated from RHEL 6-based Linux distributions may show less context (the user and command information in the FIM event). Because that context is missing, Threat Stack will not generate alerts for those specific events.
How This Affects You
File Integrity Monitoring (FIM) on RHEL 6-based machines yields events with less context than those from other systems. This impacts RHEL 6 and CentOS 6. It does not affect Amazon Linux.
The lack of additional context will impact how you configure alerting for RHEL 6-based machines. Please contact your Customer Success Manager for assistance (firstname.lastname@example.org).
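To see which hosts will produce FIM events without user and command context, you can check whether each kernel was built with fanotify. The script below is an added example, not Threat Stack code; it goes beyond RHEL 6 by testing any kernel's build config, and it assumes the config is at /boot/config-$(uname -r) or /proc/config.gz. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Threat Stack code): check whether a kernel was built
# with fanotify, which the agent uses to add user/command context to FIM events.

# Print a kernel build config, plain or gzip-compressed.
read_kconfig() {
    case "$1" in
        *.gz) gzip -dc "$1" 2>/dev/null ;;
        *)    cat "$1" 2>/dev/null ;;
    esac
}

# fanotify_status CONFIG_FILE
# Returns 0 = fanotify built in, 1 = not built in, 2 = config unreadable.
fanotify_status() {
    [ -r "$1" ] || return 2
    # CONFIG_FANOTIFY is a boolean option: "=y" when enabled; otherwise the
    # line reads "# CONFIG_FANOTIFY is not set" or, on kernels that predate
    # fanotify, is absent. The anchored pattern ignores
    # CONFIG_FANOTIFY_ACCESS_PERMISSIONS.
    if read_kconfig "$1" | grep -q '^CONFIG_FANOTIFY=y$'; then
        return 0
    fi
    return 1
}

# Assumed locations of the running kernel's config; distributions vary.
find_kconfig() {
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        if [ -r "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Print a one-line verdict for this host, suitable for fleet-wide collection.
report_host() {
    host=$(uname -n)
    cfg=$(find_kconfig) || { echo "$host: kernel config not found, check manually"; return 2; }
    if fanotify_status "$cfg"; then
        echo "$host: fanotify available, FIM events can carry user and command context"
    else
        echo "$host: fanotify unavailable, expect FIM events with less context"
    fi
}

# Run the report only when asked, so the functions can also be sourced.
case "${1:-}" in
    --report) report_host ;;
esac
```

Run it with --report on each host and collect the output to build the list of machines whose alerting rules need separate handling.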