Why Do I Not See FIM Alerts on Old CentOS Operating Systems?

The Threat Stack agent uses fanotify to collect additional information about Linux File Integrity Monitoring (FIM) events. Red Hat has chosen not to backport fanotify to Red Hat Enterprise Linux (RHEL) 6. As a result, events generated from RHEL 6-based Linux distributions may carry less context, namely the user and command information in the FIM event. Because that context is missing, Threat Stack will not generate alerts for those specific events.

How This Affects You

File Integrity Monitoring (FIM) on RHEL 6-based machines yields FIM events with less context than those from other systems. This affects RHEL 6 and CentOS 6. It does not affect Amazon Linux.

The lack of additional context will impact how you configure alerting for RHEL 6-based machines. Please contact your Customer Success Manager for assistance (success@threatstack.com).
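
To find which hosts in a fleet fall into this category, you can check whether the running kernel was built with fanotify. The script below is an added example, not Threat Stack code; it assumes the kernel build config is readable at /boot/config-$(uname -r) or /proc/config.gz, and the function names and sample configs are constructed for illustration.

```bash
# Added example: does a kernel build config enable fanotify?
# fanotify_support FILE prints one of:
#   yes      CONFIG_FANOTIFY=y is set
#   no       config readable, option unset or absent (a kernel that
#            predates fanotify has no such symbol at all)
#   unknown  config file missing or unreadable
fanotify_support() {
    local cfg
    case "$1" in
        *.gz) cfg=$(gzip -dc -- "$1" 2>/dev/null) || cfg= ;;  # e.g. /proc/config.gz
        *)    cfg=$(cat -- "$1" 2>/dev/null) || cfg= ;;
    esac
    if [ -z "$cfg" ]; then
        echo unknown
    # -x matches the whole line, so CONFIG_FANOTIFY_ACCESS_PERMISSIONS does not count.
    elif printf '%s\n' "$cfg" | grep -qx 'CONFIG_FANOTIFY=y'; then
        echo yes
    else
        echo no
    fi
}

# Check the running kernel, trying the usual config locations in order
# (assumed locations; a host may expose neither).
check_running_kernel() {
    local f result
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        result=$(fanotify_support "$f")
        if [ "$result" != unknown ]; then
            echo "$result"
            return 0
        fi
    done
    echo unknown
}

# Constructed sample configs (not taken from real hosts) for trying the check.
make_samples() {
    local dir=$1
    printf '%s\n' 'CONFIG_INOTIFY_USER=y' 'CONFIG_FANOTIFY=y' \
        'CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y' > "$dir/new.config"
    printf '%s\n' 'CONFIG_INOTIFY=y' 'CONFIG_INOTIFY_USER=y' > "$dir/old.config"
    printf '%s\n' '# CONFIG_FANOTIFY is not set' > "$dir/off.config"
}

echo "running kernel fanotify: $(check_running_kernel)"
```

A result of "no" only says the kernel lacks fanotify; an "unknown" result means the config file was not found and the host needs a manual check.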
