Configure File Integrity Monitoring (FIM) Command
File Integrity Monitoring is a new feature introduced with the latest SGAgent version, and it is used to monitor files and shared folders. Using this feature you can monitor when a specific file is read, modified or deleted.
Attention: File Integrity Monitoring is not File Auditing; you are not able to see the user that executed the action.
- SGBox 5.1.3 or higher.
- SGAgent 3.4 or higher.
The FIM package can be installed from SCM>Applications>Packages:
Click to download and install the package, then click on Run and select the hosts you want to monitor.
Go to LM>Configurations>Agents
In our example we create a specific configuration for this feature, but you can also create a new command in an existing configuration and modify it.
Click on “New Configuration” to create a new configuration and select CheckFolder.
A new window will appear to enter the command’s details:
- Name: a descriptive name of your command.
- Description: a short description of your command (not mandatory).
- Frequency: how often this information will be sent to SGBox (60 sec suggested).
- Directory Path: where the files or folders are located.
- File Name: name of the file (you can also use the star expression).
- Check Subdirectories: use this flag if you want to look at files located in subdirectories as well.
- File Integrity: select the monitor mode* you want to use.
- Exclude files: you can specify some files to exclude from monitoring (not mandatory, regex supported).
*Monitor modes:
- Monitor Only: checks the integrity while the PC and agent are running.
- Monitor and store integrity: stores the integrity in an internal DB. Even if some operations on files are performed when the OS or the agent is not running, the agent can identify them. Storing large directories can seriously impact performance.
Click OK to save the command.
Click “Save Changes” to save your configuration.
Drag and drop your configuration to the target host and click again on “Save Changes“.
When everything is set up you can see your logs in the historical search or from the “File Integrity Monitoring” dashboards.
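The idea behind the “Monitor and store integrity” mode, sketched as an added example (this is not SGAgent's code or its internal DB format): a hash baseline is kept on disk, so changes made while the agent is stopped show up at the next check. The function names, the SQLite table and the sample files are assumptions constructed for illustration; the parameters mirror Directory Path, File Name, Check Subdirectories and Exclude files.

```python
import fnmatch, hashlib, os, pathlib, re, sqlite3, tempfile

def snapshot(directory, file_name="*", subdirs=True, exclude=None):
    """Map relative path -> SHA-256 for files matching the wildcard and not the exclude regex."""
    hashes = {}
    for root, dirs, files in os.walk(directory):
        if not subdirs:
            dirs.clear()  # "Check Subdirectories" off: stay in the top directory
        for name in files:
            if fnmatch.fnmatch(name, file_name) and not (exclude and re.search(exclude, name)):
                path = pathlib.Path(root, name)
                hashes[os.path.relpath(path, directory)] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes

def store_baseline(db, hashes):
    """Persist the snapshot so it survives an agent or OS restart."""
    db.execute("CREATE TABLE IF NOT EXISTS baseline (path TEXT PRIMARY KEY, sha256 TEXT)")
    db.execute("DELETE FROM baseline")
    db.executemany("INSERT INTO baseline VALUES (?, ?)", list(hashes.items()))
    db.commit()

def changes_since_baseline(db, hashes):
    """Compare the current snapshot with the stored one and list the differences."""
    old = dict(db.execute("SELECT path, sha256 FROM baseline"))
    events = []
    for path in sorted(old.keys() | hashes.keys()):
        if path not in hashes:
            events.append(("deleted", path))
        elif path not in old:
            events.append(("created", path))
        elif old[path] != hashes[path]:
            events.append(("modified", path))
    return events

def demo():
    """Constructed sample tree: *.conf is monitored, names starting with 'b.' are excluded."""
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "sub"))
        for rel in ("a.conf", "b.conf", "c.log", os.path.join("sub", "d.conf")):
            pathlib.Path(d, rel).write_text("v1")
        db = sqlite3.connect(os.path.join(d, "fim.db"))
        store_baseline(db, snapshot(d, "*.conf", True, r"^b\."))
        # Agent "stopped": the changes below happen with nothing watching.
        for rel in ("a.conf", "b.conf", "c.log", "e.conf"):
            pathlib.Path(d, rel).write_text("v2")
        os.remove(os.path.join(d, "sub", "d.conf"))
        events = changes_since_baseline(db, snapshot(d, "*.conf", True, r"^b\."))
        db.close()
        return events
```

Calling `demo()` reports only the monitored `*.conf` files; the excluded `b.conf` and the non-matching `c.log` are ignored even though they changed. A “Monitor Only” style check has no stored baseline, so the same offline changes would go unnoticed.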