Hello, Davin.
The simple answer is no. If you like, you can go and collect logs from your favourite FIM solution. In this scenario, I'd recommend using one of the recommended App Exchange options, such as Snare, Sysmon, or Tripwire.
Regards
Steven
------------------------------
Steven Vaughan
------------------------------
Original Message:
Sent: Fri November 26, 2021 05:36 AM
From: Karl Jaeger
Subject: QRadar monitor modified the registry variables and configuration files
Hi Davin
Short answer is no. You can, however, collect logs from your favourite FIM solution if you like. In this case I would go for one of the supported solutions available in App Exchange, like Snare, Sysmon or Tripwire.
Regards
Karl
------------------------------
Karl Jaeger, Business Partner
QRadar Specialist
pro4bizz
Karlsruhe, Germany
4972190981722
Original Message:
Sent: Thu November 25, 2021 05:59 AM
From: Davin Ardian
Subject: QRadar monitor modified the registry variables and configuration files
Hi All,
Hope you are all doing well. I have a question regarding registry and file integrity monitoring. Does QRadar WinCollect have a feature to track changes in the server environment, for example, modified configuration files or modified registry variables?
Thank you.
------------------------------
Davin Ardian
------------------------------