
Help a customer know what files need watched #13

Open
akentosh opened this issue Nov 29, 2018 · 1 comment
Comments

@akentosh (Member)

As a customer, I want to know what files actually need to be monitored if I don't have a concise list from my compliance team.

@akentosh (Member, Author)

We could take several approaches to this:

  1. Watch everything and let the user drill down into what they think matters
  2. Take a reasonable set of defaults as recommended by documents like below and try to provide a best effort for different types of compliance concerns. The thought here would be that a customer can check a box with their compliance requirements which then pops up a page that shows what we recommend but ultimately they will still be responsible for their applications. There are several sections which matter. 10.1, 10.2.7, 10.5.5 (FIM), etc.
    Container_PCI_Guide.pdf

From the doc:

Requirement Description - Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).

Guidelines - File-integrity monitoring or change-detection systems check for changes to critical files, and notify when such changes are noted. For file-integrity monitoring purposes, an entity usually monitors files that don't regularly change, but when changed indicate a possible compromise.

There are also further requirements on audit trails, root access, etc.
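The quoted requirement draws a line between benign appends (new log lines) and changes to data that was already there (alert). The following is an added illustration of that check, written for this discussion and not code from this issue or the project; the `LogBaseline`, `classify_change` and `should_alert` names are my own, and the sample log lines at the bottom are constructed.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class LogBaseline:
    """Snapshot of a log file: its size and the SHA-256 of exactly those bytes."""
    size: int
    sha256: str


def baseline_of(data: bytes) -> LogBaseline:
    return LogBaseline(size=len(data), sha256=hashlib.sha256(data).hexdigest())


def classify_change(baseline: LogBaseline, current: bytes) -> str:
    """Compare current log contents against a baseline.

    "unchanged" - same length, same hash
    "appended"  - longer, but the first baseline.size bytes still hash to the
                  baseline value (benign: only new data was added)
    "modified"  - the original prefix no longer matches (existing data changed)
    "truncated" - shorter than the baseline (existing data removed)
    """
    if len(current) < baseline.size:
        return "truncated"
    if hashlib.sha256(current[:baseline.size]).hexdigest() != baseline.sha256:
        return "modified"
    return "unchanged" if len(current) == baseline.size else "appended"


def should_alert(verdict: str) -> bool:
    # Per the PCI text, appends must not alert; edits and removals must.
    return verdict in ("modified", "truncated")


def check_log_file(path: str, baseline: LogBaseline) -> tuple[str, LogBaseline]:
    """Check one file on disk and return (verdict, baseline to carry forward)."""
    with open(path, "rb") as fh:
        data = fh.read()
    verdict = classify_change(baseline, data)
    # Advance the baseline only on benign outcomes, so a tampered prefix is
    # not silently accepted as the new normal on the next check.
    carry = baseline_of(data) if not should_alert(verdict) else baseline
    return verdict, carry


if __name__ == "__main__":
    base = baseline_of(b"2018-11-29 login ok\n")           # constructed sample
    print(classify_change(base, b"2018-11-29 login ok\n2018-11-29 sudo\n"))  # appended
    print(classify_change(base, b"2018-11-29 login FAIL\n"))                  # modified
```

Note that log rotation (a file truncated or replaced by logrotate) will show up as "truncated" here, so a real tool needs a rotation-aware rule in front of this check.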

@bfowle bfowle self-assigned this Jan 2, 2019