https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/594118#M7036 <P>Step by step instruction how to achieve this:</P> <P><A href="https://infosecotb.com/cortex-xdr-file-integrity-monitoring-for-pci-dss/" target="_blank" rel="noopener">Cortex XDR File Integrity Monitoring for PCI-DSS</A>&nbsp;</P> Tue, 06 Aug 2024 11:28:44 GMT Piotr_Kowalczyk 2024-08-06T11:28:44Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/543016#M4405 <P>Hi,</P> <P>&nbsp;</P> <P>I’ve read in <A href="https://isacala.org/wp-content/uploads/2020/08/Cortex-XDR-Whitepaper_Coalfire.pdf" target="_blank">https://isacala.org/wp-content/uploads/2020/08/Cortex-XDR-Whitepaper_Coalfire.pdf</A> that the PCI-DSS compliance with 10.5.5 and 11.5 can be achieved with BIOC rules. Unfortunately, there is no details. Has anybody done this and can share knowledge/experience with me?</P> <P>&nbsp;</P> <P>Thank you</P> Tue, 23 May 2023 09:18:44 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/543016#M4405 Piotr_Kowalczyk 2023-05-23T09:18:44Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/543054#M4408 <P>I did create a File Integrity Monitoring rule for PCI that monitors our POS program files for any file action not performed by the POS program exe. Not sure if it would actually pass PCI audit though.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="jruck_0-1684853051610.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/50300i7CB4B7BC8A83D6D5/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="jruck_0-1684853051610.png" alt="jruck_0-1684853051610.png" /></span></P> <P>&nbsp;</P> Tue, 23 May 2023 14:44:42 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/543054#M4408 jruck 2023-05-23T14:44:42Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/543300#M4436 <P>Hi Jruck,</P> <P>Thanks you for the reply.</P> <P>Unfortunately I don't think this meets PCI-DSS requirements which I'm referring to. They want us to monitor unauthorised logs and system files changes so it probably needs to be way more complex...</P> Thu, 25 May 2023 08:27:32 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/543300#M4436 Piotr_Kowalczyk 2023-05-25T08:27:32Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/565900#M5552 <P>Hi Piotr!</P> <P>Were you able to meet the requirement 11.5 (or part of this) with Cortex XDR BIOC?</P> Wed, 15 Nov 2023 23:52:33 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/565900#M5552 danlav 2023-11-15T23:52:33Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/566125#M5561 <P>Hi Dan,</P> <P>Yes, it required a lot of work as I had to design and create BIOC rules myself but once is set, it is working well.</P> <P>The hardest part was to find what to monitor. I used following:&nbsp;<A href="https://learn.microsoft.com/en-us/azure/defender-for-cloud/file-integrity-monitoring-overview" target="_blank">Track changes to system files and registry keys - Microsoft Defender for Cloud | Microsoft Learn</A>&nbsp;+ our important folders.&nbsp;</P> <P>&nbsp;</P> Fri, 17 Nov 2023 09:34:03 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/566125#M5561 Piotr_Kowalczyk 2023-11-17T09:34:03Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/566767#M5592 <P>Hi Piotr, Thank you so much!&nbsp;</P> Wed, 22 Nov 2023 21:45:54 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/566767#M5592 danlav 2023-11-22T21:45:54Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/594118#M7036 <P>Step by step instruction how to achieve this:</P> <P><A href="https://infosecotb.com/cortex-xdr-file-integrity-monitoring-for-pci-dss/" target="_blank" rel="noopener">Cortex XDR File Integrity Monitoring for PCI-DSS</A>&nbsp;</P> Tue, 06 Aug 2024 11:28:44 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-file-integrity-monitor-and-pci-dss-10-5-5-and-11-5/m-p/594118#M7036 Piotr_Kowalczyk 2024-08-06T11:28:44Z