Stability of File Integrity Monitoring driver on your systems (any issues deploying/starting, or any crashes/blue screens)
So far I haven't experienced any issues with deploying the VM. No BSODs with my virtual machines either. Everything is running smoothly.
Whether you're seeing data reported you'd expect to see
I like the simplicity. Request received from OS to delete file "C:\test.txt". No fluff. It tells me exactly what I want to know. What type of event it is, like a delete or create. The source account. The source IP and the file name. What more do I need to know? Same with the registry settings. I see exactly what key/value is being created/deleted, etc. And an audit trail of what user/workstation is doing the editing.
Any issues or confusion with configuration
The interface is nice and simple for users like me who just want to jump right in. It's a very nice change compared to the laboriously long process of setting up a FIM monitor in Tripwire.
What kind of monitoring templates it'd be useful to have
Database templates for tracking logins/logouts, table edits, etc. Maybe some stock compliance templates.
Suggestions, comments, improvements, as usual
Only good things as usual. It's super simple to set up a monitor and start collecting data. Again, I'm used to spending a large chunk of time setting up groups and policies in Tripwire just to be able to monitor a simple folder within Windows. This just gets the job done without inundating the user with tons of useless options to pick from. Kudos, guys. Can't wait for this to be pushed out into production so we can get rid of Tripwire.