Splunk File Integrity Monitoring (FIM)
At the time of writing, Splunk does not have built-in functionality for File Integrity Monitoring. It can, however, interface with a number of other FIM tools. You could easily set up a Splunk dashboard around data ingested from tools such as AIDE or Tripwire.
Splunk makes it easy to visualize data collected from Tripwire.
Splunk can generally handle just about any type of data from almost any source. There is no reason you wouldn’t want to just ingest data from whatever FIM tool you happen to be using.
You might want to take a look at these:
- Reddit thread on Simple File Integrity Monitoring - for Splunk.
- Some things that someone put together to integrate the FIM scripts they use with Splunk.
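
To illustrate the script-based approach that the items above refer to, here is an added example (not taken from the Reddit thread or the scripts mentioned, and not Splunk code): a minimal hash-baseline scanner that emits one JSON event per changed file, which Splunk can ingest like any other log source. The function names, the field names (`fim_action`, `old_sha256`, `new_sha256`) and the JSON baseline file are assumptions made for this example.

```python
import hashlib
import json
import os
import time

def sha256_file(path):
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root):
    """Map every regular file under root to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                try:
                    state[path] = sha256_file(path)
                except OSError:
                    state[path] = "unreadable"  # keep the path visible
    return state

def diff_events(baseline, current, now):
    """Return one event dict per added, deleted or modified file."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old != new:
            action = "added" if old is None else "deleted" if new is None else "modified"
            events.append({"time": now, "fim_action": action, "path": path,
                           "old_sha256": old, "new_sha256": new})
    return events

def run(root, baseline_file):
    """Compare root with the stored baseline, print events, save the new baseline."""
    baseline = {}
    if os.path.exists(baseline_file):
        with open(baseline_file) as fh:
            baseline = json.load(fh)
    current = snapshot(root)
    events = diff_events(baseline, current, int(time.time()))
    for event in events:
        print(json.dumps(event, sort_keys=True))  # one JSON event per line
    with open(baseline_file, "w") as fh:
        json.dump(current, fh)
    return events
```

Keep the baseline file outside the monitored tree and writable only by the account that runs the scan, since anyone who can rewrite it can hide a change. The first run, with no baseline present, reports every file as `added`.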