Educause Security Discussion mailing list archives

Question for those using a FIM for PCI compliance


From: Cathy Hubbs <hubbs () AMERICAN EDU>
Date: Tue, 30 Apr 2019 17:31:09 +0000

Greetings,
Our PCI QSAs are adamant that we implement a File Integrity Monitoring (FIM) solution for our remaining in-scope 
systems. We are Level 3 and required to complete the SAQ D. Requirements 11a & 11b explicitly state use of a FIM and so 
we are revisiting the use of FIMs.

Question for those of you that have installed a FIM in response to PCI:

  *   If you like your vendor/product, which one are you using?

We used a FIM in the past (Tripwire) and eventually didn’t renew because of the operational overhead. I’m interested in 
speaking with those of you that are having a good experience with a FIM, specifically configured for PCI compliance.

Thanks in advance,

Cathy

Cathy Hubbs, CISO
American University
