STDI (Query Technology File Watcher)
STDI (Query Technology File Monitor) is a tool for monitoring files and folders on Linux servers in support of your company's security policy. STDI is built on the Linux kernel's "audit" subsystem and the "linux-audit" user-space tools.
With this tool you can manage multiple servers from a single management screen and define different rule sets per server. Agents running on the servers interpret the kernel messages produced when one of your rule sets is triggered and immediately forward them to your SysLog or SIEM tools. This product detects file modification events only; to detect changes in file content, use a different product.
Each alert mainly contains:
The changed file
The date and time the alert occurred
The user who modified the file
The real user, when the identity was changed with commands such as su or sudo
Whether the file is writable by anyone (world-writable)
The command used to modify the file
Product highlights:
Management interface running on the Docker infrastructure
Multiple servers and rule management from a single screen
Creating custom rule sets for multiple files and/or folders
Adding file, folder, and command exception rules to rule sets
Storing alerts in a temporary area and resending them if an error occurs while sending
Automatically disabling a rule set, to protect the system, when more than a set number of alerts are generated within a time period
Ability to send alerts in different formats (RFC3164, RFC5424, CEF)
Viewing errors reported by clients in the interface
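The page describes an agent that turns audit-subsystem messages into the alert fields listed above, forwards them as RFC5424 or CEF, and disables a rule set after an alert storm. The following Python is an added illustration of that pipeline, not STDI's own code: it parses a constructed auditd event for a file watch rule, extracts the changed file, time, user, real user (auid), world-writable bit and command, renders the alert in RFC5424 and CEF, and applies a sliding-window auto-disable guard. The sample log, the uid-to-name map, the syslog PRI value, the CEF field choices and product version string, and the sliding-window logic are all assumptions made for this example.

```python
"""Turn raw Linux audit records for a file watch rule into STDI-style alerts (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample of raw auditd output for ONE event; not captured from a real system.
# A watch rule like "-w /etc/passwd -p wa -k stdi_etc" would produce records of this shape.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1604404800.123:4567): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d3f0a1 a2=241 a3=1b6 items=2 ppid=1001 pid=1002 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim" key="stdi_etc"
type=CWD msg=audit(1604404800.123:4567): cwd="/root"
type=PATH msg=audit(1604404800.123:4567): item=0 name="/etc/" inode=2 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1604404800.123:4567): item=1 name="/etc/passwd" inode=1234 dev=fd:01 mode=0100666 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=PROCTITLE msg=audit(1604404800.123:4567): proctitle=76696D002F6574632F706173737764
"""

# Constructed uid map standing in for a real /etc/passwd lookup.
USERS = {0: "root", 1000: "alice"}

HEADER_RE = re.compile(r"^type=(\w+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_records(text):
    """Group raw audit records by event serial (all records of one event share it)."""
    events = defaultdict(lambda: {"records": []})
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if not m:
            continue
        rtype, secs, ms, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        ev = events[serial]
        ev["secs"], ev["ms"] = int(secs), ms
        ev["records"].append((rtype, fields))
    return events


def decode_proctitle(value):
    """auditd hex-encodes proctitle when it holds spaces or NULs; args are NUL-separated."""
    if value and len(value) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", value):
        return bytes.fromhex(value).replace(b"\x00", b" ").decode("utf-8", "replace").strip()
    return value


def user_name(uid_str):
    if uid_str == "4294967295":  # auid unset (-1): process has no login session
        return "unset"
    return USERS.get(int(uid_str), uid_str)


def build_alert(event):
    """Reduce one grouped audit event to the alert fields the page lists."""
    syscall = next(f for t, f in event["records"] if t == "SYSCALL")
    paths = [f for t, f in event["records"] if t == "PATH" and f.get("nametype") != "PARENT"]
    proctitle = next((f["proctitle"] for t, f in event["records"] if t == "PROCTITLE"), "")
    target = paths[-1] if paths else {}
    mode = int(target.get("mode", "0"), 8)  # e.g. 0100666 -> regular file, rw for everyone
    dt = datetime.fromtimestamp(event["secs"], tz=timezone.utc)
    return {
        "file": target.get("name"),
        "time": f"{dt:%Y-%m-%dT%H:%M:%S}.{event['ms']}Z",
        "user": user_name(syscall["uid"]),          # effective identity that wrote the file
        "real_user": user_name(syscall["auid"]),    # login identity, survives su/sudo
        "world_writable": bool(mode & 0o002),
        "command": decode_proctitle(proctitle) or syscall.get("exe", ""),
        "rule_key": syscall.get("key", ""),
    }


def to_rfc5424(alert, host="srv01"):
    """RFC5424 line; PRI 108 = facility 13 (log audit) * 8 + severity 4 (warning), an assumed choice."""
    msg = (f"file={alert['file']} user={alert['user']} real_user={alert['real_user']} "
           f"world_writable={alert['world_writable']} cmd=\"{alert['command']}\"")
    return f"<108>1 {alert['time']} {host} stdi - FILEMOD - {msg}"


def cef_escape(value, header=False):
    """CEF escaping: backslash and pipe in the header, backslash and '=' in extensions."""
    value = str(value).replace("\\", "\\\\")
    return value.replace("|", "\\|") if header else value.replace("=", "\\=")


def to_cef(alert):
    """CEF line; product version and custom-string labels are assumptions for this example."""
    ext = " ".join(f"{k}={cef_escape(v)}" for k, v in [
        ("rt", alert["time"]), ("fname", alert["file"]), ("suser", alert["user"]),
        ("cs1", alert["real_user"]), ("cs1Label", "realUser"),
        ("cs2", alert["command"]), ("cs2Label", "command"),
        ("cs3", alert["world_writable"]), ("cs3Label", "worldWritable")])
    header = [cef_escape(h, header=True) for h in
              ["Query Technology", "STDI", "0.0-assumed", "100", "File modified", "5"]]
    return "|".join(["CEF:0", *header, ext])


class RuleSetGuard:
    """Auto-disable a rule set when more than max_alerts fire within window_seconds (sliding window, assumed)."""
    def __init__(self, max_alerts, window_seconds):
        self.max_alerts, self.window = max_alerts, window_seconds
        self.times, self.active = deque(), True

    def record(self, ts):
        """Register an alert at epoch ts; returns False once the rule set has been disabled."""
        if not self.active:
            return False
        self.times.append(ts)
        while self.times and ts - self.times[0] > self.window:
            self.times.popleft()
        if len(self.times) > self.max_alerts:
            self.active = False
        return self.active


def process(text, guard=None):
    """Parse raw audit text into alerts, dropping events after the guard disables the rule set."""
    alerts = []
    for _serial, event in sorted(parse_records(text).items(), key=lambda kv: int(kv[0])):
        if guard is not None and not guard.record(event["secs"]):
            continue
        alerts.append(build_alert(event))
    return alerts


if __name__ == "__main__":
    for a in process(SAMPLE_AUDIT_LOG, RuleSetGuard(max_alerts=50, window_seconds=60)):
        print(to_rfc5424(a))
        print(to_cef(a))
```

The PARENT path item is skipped so the alert names the file itself rather than its directory, and auid is reported separately from uid because it is the field that still identifies the original login after su or sudo. A real agent would additionally need to handle multi-file events and the auid-unset case for daemons, which is why user_name maps 4294967295 to "unset" instead of failing.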
03/11/2020