How did you implement the PCI-DSS file integrity requirement?

I currently run an OpenDistro 1.11.0 stack.
I need to fulfill the PCI-DSS requirement:
11.5 “Use file-integrity monitoring or change detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert)”

What is the best way to implement this? How can we use alerts and audit to monitor that no logs are “Modified”?

@Franckiboy You can mark any index as immutable, so you can write to it but can’t update/delete; this includes the security index itself. Use the line below in elasticsearch.yml:

  - security*

Hope this helps
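The post above shows only the index pattern, not the setting it belongs to. For reference, here is the complete elasticsearch.yml fragment as an added example (it is not the poster's own snippet). The keys are the OpenDistro Security plugin's documented `opendistro_security.compliance.*` and `opendistro_security.audit.*` settings; the `logs-*` index pattern is an assumption standing in for whatever indices hold the PCI in-scope logs.

```yaml
# Added example, not from the forum post. Settings for the OpenDistro
# Security plugin in elasticsearch.yml (node config; restart required).

# Documents in these indices can be created but not updated or deleted.
# "logs-*" is an assumed pattern for the in-scope log indices; the audit
# index is listed too so the audit trail itself cannot be altered.
opendistro_security.compliance.immutable_indices:
  - "security*"
  - "logs-*"
  - "security-auditlog-*"

# Write audit events into an index in the same cluster so that rejected
# update/delete attempts on the immutable indices produce a record that an
# Alerting monitor can query.
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.audit.config.index: "'security-auditlog-'YYYY.MM.dd"
opendistro_security.audit.enable_rest: true
opendistro_security.audit.enable_transport: true
opendistro_security.audit.resolve_bulk_requests: true

# Compliance history: record writes to the watched log indices. Metadata
# only, so the audit index does not duplicate every log document.
opendistro_security.compliance.history.write_watched_indices:
  - "logs-*"
opendistro_security.compliance.history.write_metadata_only: true
```

Apply the file to every node and restart them, then verify the behaviour rather than assuming it: index a document into a `logs-*` index, attempt an update and a delete of the same document as a privileged user, and confirm both are rejected while the create succeeded. Do the same check for deleting the index as a whole, since the 11.5 requirement is about existing log data not being changeable, and confirm which roles hold that privilege. Finally, point an Alerting monitor at `security-auditlog-*` for write events against the watched indices; appends to the log indices then produce no alert while any attempt to change existing data does, which is the distinction 11.5 asks for.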