In Windows systems, files, folders and registry entries change constantly. Most of these changes come from normal processes such as patch updates or system modifications, but some can be the result of viruses or malicious attacks that introduce critical vulnerabilities into these systems and cause downtime.
It is therefore imperative that critical files, folders and registry entries are monitored periodically and that changes to them are tracked during the normal vulnerability scan cycle. Change tracking and management provides insight into the status of these entities (files, folders or registry entries) and helps compare them against a preset baseline. This assures IT security staff that everything is in order and gives them control over vulnerabilities creeping into Windows systems through unwarranted file, folder or registry changes.
In Security Manager Plus, Change Management of Windows machines is governed by Profiles. Profiles are custom templates, defined by users, that capture a list of important files, folders and registry entries to be tracked for changes during every scan. Change tracking can be done on Assets or Asset Groups. Multiple profiles can be associated with the same asset or asset group.
For more information on working with profiles, refer to the Change Management section.
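The baseline comparison described above can be sketched in Python for the file and folder part of a profile. This is an added example, not Security Manager Plus code: the profile format (a list of paths) and the names snapshot and diff are assumptions, and registry entries are left out.

```python
import hashlib
import os
import tempfile

def snapshot(profile):
    """Map each file covered by the profile to its SHA-256 digest."""
    state = {}
    for entry in profile:  # assumed profile format: list of file/folder paths
        if os.path.isdir(entry):
            # Folders are tracked recursively.
            files = [os.path.join(root, name)
                     for root, _dirs, names in os.walk(entry)
                     for name in names]
        else:
            files = [entry]
        for path in files:
            try:
                with open(path, "rb") as fh:
                    state[path] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                # Missing or unreadable: record None so the diff can flag it.
                state[path] = None
    return state

def diff(baseline, current):
    """Classify each path as added, removed or modified since the baseline."""
    changes = {"added": [], "removed": [], "modified": []}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None and new is not None:
            changes["added"].append(path)
        elif old is not None and new is None:
            changes["removed"].append(path)
        elif old != new:
            changes["modified"].append(path)
    return changes

if __name__ == "__main__":
    # Constructed sample: a temporary folder stands in for a tracked folder.
    with tempfile.TemporaryDirectory() as folder:
        tracked = os.path.join(folder, "app.config")
        with open(tracked, "w") as fh:
            fh.write("debug=false\n")
        baseline = snapshot([folder])
        with open(tracked, "w") as fh:
            fh.write("debug=true\n")
        print(diff(baseline, snapshot([folder])))
```

Store the baseline snapshot somewhere the monitored host cannot modify; otherwise whoever changes a tracked file can also rewrite the digest it is compared against.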
Windows Change Management Reports
Reports can be generated for assets or asset groups to display detailed change tracking and the status of configured files, folders and registry entries on Windows systems. This can be done from the Reports tab --> File & Registry Changes Report link.
Windows Change Management to meet PCI DSS Compliance
Section 11.5 of the PCI DSS requires the deployment of file integrity monitoring software to alert personnel to unauthorized modification of critical system or content files, and the configuration of that software to perform critical file comparisons at least weekly.
Security Manager Plus enables this clause of the PCI DSS to be met by listing all assets that are monitored for critical system or content files. The PCI DSS Compliance report can be generated for assets or asset groups from the Reports tab --> PCI DSS Compliance Report.